ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-09 20:30:28 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
middleware_automation.keycloak/main/plugins/keycloak_user_federation.html
github-actions 669dc31c39 Update docs for main 
Signed-off-by: github-actions <ggraziol@redhat.com>
2023-08-24 11:22:09 +00:00

1036 lines
No EOL
113 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
<meta charset="utf-8" /><meta name="generator" content="Docutils 0.18.1: http://docutils.sourceforge.net/" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>keycloak_user_federation Allows administration of Keycloak user federations via Keycloak API &mdash; Keycloak Ansible Collection documentation</title>
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
<link rel="stylesheet" href="../_static/antsibull-minimal.css" type="text/css" />
<link rel="stylesheet" href="../_static/ansible-basic-sphinx-ext.css" type="text/css" />
<!--[if lt IE 9]>
<script src="../_static/js/html5shiv.min.js"></script>
<![endif]-->
<script src="../_static/jquery.js?v=5d32c60e"></script>
<script src="../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../_static/documentation_options.js?v=5929fcd5"></script>
<script src="../_static/doctools.js?v=888ff710"></script>
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../_static/js/theme.js"></script>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="Role Index" href="../roles/index.html" />
<link rel="prev" title="keycloak_role Allows administration of Keycloak roles via Keycloak API" href="keycloak_role.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" >
<a href="../index.html" class="icon icon-home">
Keycloak Ansible Collection
</a>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<p class="caption" role="heading"><span class="caption-text">User documentation</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../README.html">Ansible Collection - middleware_automation.keycloak</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Plugin Index</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="keycloak_client.html">keycloak_client Allows administration of Keycloak clients via Keycloak API</a></li>
<li class="toctree-l2"><a class="reference internal" href="keycloak_role.html">keycloak_role Allows administration of Keycloak roles via Keycloak API</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">keycloak_user_federation Allows administration of Keycloak user federations via Keycloak API</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#synopsis">Synopsis</a></li>
<li class="toctree-l3"><a class="reference internal" href="#parameters">Parameters</a></li>
<li class="toctree-l3"><a class="reference internal" href="#attributes">Attributes</a></li>
<li class="toctree-l3"><a class="reference internal" href="#examples">Examples</a></li>
<li class="toctree-l3"><a class="reference internal" href="#return-values">Return Values</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#authors">Authors</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../roles/index.html">Role Index</a></li>
</ul>
<p class="caption" role="heading"><span class="caption-text">Developer documentation</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../testing.html">Testing</a></li>
<li class="toctree-l1"><a class="reference internal" href="../developing.html">Contributors Guidelines</a></li>
<li class="toctree-l1"><a class="reference internal" href="../releasing.html">Collection Versioning Strategy</a></li>
</ul>
<p class="caption" role="heading"><span class="caption-text">General</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../CHANGELOG.html">Changelog</a></li>
</ul>
<p class="caption" role="heading"><span class="caption-text">Middleware collections</span></p>
<ul>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/infinispan/">Infinispan / Red Hat Data Grid</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/keycloak/">Keycloak / Red Hat Single Sign-On</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/wildfly/">Wildfly / Red Hat JBoss EAP</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/jws/">Tomcat / Red Hat JWS</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/amq/">ActiveMQ / Red Hat AMQ Broker</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/amq_streams/">Kafka / Red Hat AMQ Streams</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/redhat-csp-download/">Red Hat CSP Download</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/ansible_collections_jcliff/">JCliff</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../index.html">Keycloak Ansible Collection</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item"><a href="index.html">Plugin Index</a></li>
<li class="breadcrumb-item active">keycloak_user_federation Allows administration of Keycloak user federations via Keycloak API</li>
<li class="wy-breadcrumbs-aside">
<a href="../_sources/plugins/keycloak_user_federation.rst.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<span class="target" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module"></span><section id="keycloak-user-federation-allows-administration-of-keycloak-user-federations-via-keycloak-api">
<h1>keycloak_user_federation Allows administration of Keycloak user federations via Keycloak API<a class="headerlink" href="#keycloak-user-federation-allows-administration-of-keycloak-user-federations-via-keycloak-api" title="Link to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/middleware_automation/keycloak">middleware_automation.keycloak collection</a>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">middleware_automation.keycloak</span></code>.</p>
<p>To use it in a playbook, specify: <code class="code docutils literal notranslate"><span class="pre">middleware_automation.keycloak.keycloak_user_federation</span></code>.</p>
</div>
<p class="ansible-version-added">New in middleware_automation.keycloak 3.7.0</p>
<nav class="contents local" id="contents">
<ul class="simple">
<li><p><a class="reference internal" href="#synopsis" id="id1">Synopsis</a></p></li>
<li><p><a class="reference internal" href="#parameters" id="id2">Parameters</a></p></li>
<li><p><a class="reference internal" href="#attributes" id="id3">Attributes</a></p></li>
<li><p><a class="reference internal" href="#examples" id="id4">Examples</a></p></li>
<li><p><a class="reference internal" href="#return-values" id="id5">Return Values</a></p></li>
</ul>
</nav>
<section id="synopsis">
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p>This module allows you to add, remove or modify Keycloak user federations via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles.</p></li>
<li><p>The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at <a class="reference external" href="https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html">https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html</a>.</p></li>
</ul>
</section>
<section id="parameters">
<h2><a class="toc-backref" href="#id2" role="doc-backlink">Parameters</a><a class="headerlink" href="#parameters" title="Link to this heading"></a></h2>
<table class="ansible-option-table docutils align-default" style="width: 100%">
<thead>
<tr class="row-odd"><th class="head"><p>Parameter</p></th>
<th class="head"><p>Comments</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-auth_client_id"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-auth-client-id"><strong>auth_client_id</strong></p>
<a class="ansibleOptionLink" href="#parameter-auth_client_id" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>OpenID Connect <em>client_id</em> to authenticate to the API with.</p>
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;admin-cli&quot;</span></code></p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-auth_client_secret"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-auth-client-secret"><strong>auth_client_secret</strong></p>
<a class="ansibleOptionLink" href="#parameter-auth_client_secret" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Client Secret to use in conjunction with <em>auth_client_id</em> (if required).</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-auth_keycloak_url"></div>
<div class="ansibleOptionAnchor" id="parameter-url"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-url"><span id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-auth-keycloak-url"></span><strong>auth_keycloak_url</strong></p>
<a class="ansibleOptionLink" href="#parameter-auth_keycloak_url" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: url</span></p>
<p class="ansible-option-type-line"><span class="ansible-option-type">string</span> / <span class="ansible-option-required">required</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>URL to the Keycloak instance.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-auth_password"></div>
<div class="ansibleOptionAnchor" id="parameter-password"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-password"><span id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-auth-password"></span><strong>auth_password</strong></p>
<a class="ansibleOptionLink" href="#parameter-auth_password" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: password</span></p>
<p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Password to authenticate for API access with.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-auth_realm"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-auth-realm"><strong>auth_realm</strong></p>
<a class="ansibleOptionLink" href="#parameter-auth_realm" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Keycloak realm name to authenticate to for API access.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-auth_username"></div>
<div class="ansibleOptionAnchor" id="parameter-username"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-username"><span id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-auth-username"></span><strong>auth_username</strong></p>
<a class="ansibleOptionLink" href="#parameter-auth_username" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: username</span></p>
<p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Username to authenticate for API access with.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config"><strong>config</strong></p>
<a class="ansibleOptionLink" href="#parameter-config" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Dict specifying the configuration options for the provider; the contents differ depending on the value of <em>provider_id</em>. Examples are given below for <code class="docutils literal notranslate"><span class="pre">ldap</span></code>, <code class="docutils literal notranslate"><span class="pre">kerberos</span></code> and <code class="docutils literal notranslate"><span class="pre">sssd</span></code>. It is easiest to obtain valid config values by dumping an already-existing user federation configuration through check-mode in the <em>existing</em> field.</p>
<p>The value <code class="docutils literal notranslate"><span class="pre">sssd</span></code> has been supported since middleware_automation.keycloak 1.0.0.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/allowKerberosAuthentication"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-allowkerberosauthentication"><strong>allowKerberosAuthentication</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/allowKerberosAuthentication" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/allowPasswordAuthentication"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-allowpasswordauthentication"><strong>allowPasswordAuthentication</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/allowPasswordAuthentication" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Enable/disable possibility of username/password authentication against Kerberos database.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">false</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/authType"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-authtype"><strong>authType</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/authType" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Type of the Authentication method used during LDAP Bind operation. It is used in most of the requests sent to the LDAP server.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">&quot;none&quot;</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;simple&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/batchSizeForSync"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-batchsizeforsync"><strong>batchSizeForSync</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/batchSizeForSync" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Count of LDAP users to be imported from LDAP to Keycloak within a single transaction.</p>
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">1000</span></code></p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/bindCredential"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-bindcredential"><strong>bindCredential</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/bindCredential" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Password of LDAP admin.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/bindDn"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-binddn"><strong>bindDn</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/bindDn" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>DN of LDAP user which will be used by Keycloak to access LDAP server.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/cachePolicy"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-cachepolicy"><strong>cachePolicy</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/cachePolicy" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Cache Policy for this storage provider.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">&quot;DEFAULT&quot;</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;EVICT_DAILY&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;EVICT_WEEKLY&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;MAX_LIFESPAN&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;NO_CACHE&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/changedSyncPeriod"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-changedsyncperiod"><strong>changedSyncPeriod</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/changedSyncPeriod" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Period for synchronization of changed or newly created LDAP users in seconds.</p>
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">-1</span></code></p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/connectionPooling"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-connectionpooling"><strong>connectionPooling</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/connectionPooling" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Determines if Keycloak should use connection pooling for accessing LDAP server.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">false</span></code></p></li>
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">true</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/connectionPoolingAuthentication"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-connectionpoolingauthentication"><strong>connectionPoolingAuthentication</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/connectionPoolingAuthentication" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>A list of space-separated authentication types of connections that may be pooled.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;none&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;simple&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;DIGEST-MD5&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/connectionPoolingDebug"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-connectionpoolingdebug"><strong>connectionPoolingDebug</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/connectionPoolingDebug" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>A string that indicates the level of debug output to produce. Example valid values are <code class="docutils literal notranslate"><span class="pre">fine</span></code> (trace connection creation and removal) and <code class="docutils literal notranslate"><span class="pre">all</span></code> (all debugging information).</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/connectionPoolingInitSize"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-connectionpoolinginitsize"><strong>connectionPoolingInitSize</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/connectionPoolingInitSize" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The number of connections per connection identity to create when initially creating a connection for the identity.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/connectionPoolingMaxSize"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-connectionpoolingmaxsize"><strong>connectionPoolingMaxSize</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/connectionPoolingMaxSize" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The maximum number of connections per connection identity that can be maintained concurrently.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/connectionPoolingPrefSize"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-connectionpoolingprefsize"><strong>connectionPoolingPrefSize</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/connectionPoolingPrefSize" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The preferred number of connections per connection identity that should be maintained concurrently.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/connectionPoolingProtocol"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-connectionpoolingprotocol"><strong>connectionPoolingProtocol</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/connectionPoolingProtocol" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>A list of space-separated protocol types of connections that may be pooled. Valid types are <code class="docutils literal notranslate"><span class="pre">plain</span></code> and <code class="docutils literal notranslate"><span class="pre">ssl</span></code>.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/connectionPoolingTimeout"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-connectionpoolingtimeout"><strong>connectionPoolingTimeout</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/connectionPoolingTimeout" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/connectionTimeout"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-connectiontimeout"><strong>connectionTimeout</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/connectionTimeout" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>LDAP Connection Timeout in milliseconds.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/connectionUrl"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-connectionurl"><strong>connectionUrl</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/connectionUrl" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Connection URL to your LDAP server.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/customUserSearchFilter"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-customusersearchfilter"><strong>customUserSearchFilter</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/customUserSearchFilter" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Additional LDAP Filter for filtering searched users. Leave this empty if you dont need additional filter.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/debug"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-debug"><strong>debug</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/debug" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Enable/disable debug logging to standard output for Krb5LoginModule.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">false</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/editMode"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-editmode"><strong>editMode</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/editMode" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p><code class="docutils literal notranslate"><span class="pre">READ_ONLY</span></code> is a read-only LDAP store. <code class="docutils literal notranslate"><span class="pre">WRITABLE</span></code> means data will be synced back to LDAP on demand. <code class="docutils literal notranslate"><span class="pre">UNSYNCED</span></code> means user data will be imported, but not synced back to LDAP.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;READ_ONLY&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;WRITABLE&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;UNSYNCED&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/enabled"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-enabled"><strong>enabled</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/enabled" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Enable/disable this user federation.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">false</span></code></p></li>
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">true</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/evictionDay"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-evictionday"><strong>evictionDay</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/evictionDay" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Day of the week the entry will become invalid on.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/evictionHour"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-evictionhour"><strong>evictionHour</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/evictionHour" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Hour of day the entry will become invalid on.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/evictionMinute"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-evictionminute"><strong>evictionMinute</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/evictionMinute" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Minute of day the entry will become invalid on.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/fullSyncPeriod"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-fullsyncperiod"><strong>fullSyncPeriod</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/fullSyncPeriod" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Period for full synchronization in seconds.</p>
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">-1</span></code></p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/importEnabled"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-importenabled"><strong>importEnabled</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/importEnabled" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>If <code class="docutils literal notranslate"><span class="pre">true</span></code>, LDAP users will be imported into Keycloak DB and synced by the configured sync policies.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">false</span></code></p></li>
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">true</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/kerberosRealm"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-kerberosrealm"><strong>kerberosRealm</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/kerberosRealm" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Name of kerberos realm.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/keyTab"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-keytab"><strong>keyTab</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/keyTab" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Location of Kerberos KeyTab file containing the credentials of server principal. For example <code class="docutils literal notranslate"><span class="pre">/etc/krb5.keytab</span></code>.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/maxLifespan"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-maxlifespan"><strong>maxLifespan</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/maxLifespan" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Max lifespan of cache entry in milliseconds.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/pagination"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-pagination"><strong>pagination</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/pagination" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Does the LDAP server support pagination.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">false</span></code></p></li>
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">true</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/priority"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-priority"><strong>priority</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/priority" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Priority of provider when doing a user lookup. Lowest first.</p>
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">0</span></code></p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/rdnLDAPAttribute"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-rdnldapattribute"><strong>rdnLDAPAttribute</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/rdnLDAPAttribute" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually its the same as Username LDAP attribute, however it is not required. For example for Active directory, it is common to use <code class="docutils literal notranslate"><span class="pre">cn</span></code> as RDN attribute when username attribute might be <code class="docutils literal notranslate"><span class="pre">sAMAccountName</span></code>.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/readTimeout"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-readtimeout"><strong>readTimeout</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/readTimeout" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>LDAP Read Timeout in milliseconds. This timeout applies for LDAP read operations.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/searchScope"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-searchscope"><strong>searchScope</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/searchScope" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>For one level, the search applies only for users in the DNs specified by User DNs. For subtree, the search applies to the whole subtree. See LDAP documentation for more details.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">&quot;1&quot;</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;2&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/serverPrincipal"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-serverprincipal"><strong>serverPrincipal</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/serverPrincipal" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Full name of server principal for HTTP service including server and domain name. For example <code class="docutils literal notranslate"><span class="pre">HTTP/host.foo.org&#64;FOO.ORG</span></code>. Use <code class="docutils literal notranslate"><span class="pre">*</span></code> to accept any service principal in the KeyTab file.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/startTls"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-starttls"><strong>startTls</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/startTls" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/syncRegistrations"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-syncregistrations"><strong>syncRegistrations</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/syncRegistrations" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Should newly created users be created within LDAP store? Priority effects which provider is chosen to sync the new user.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/trustEmail"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-trustemail"><strong>trustEmail</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/trustEmail" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>If enabled, email provided by this provider is not verified even if verification is enabled for the realm.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/updateProfileFirstLogin"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-updateprofilefirstlogin"><strong>updateProfileFirstLogin</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/updateProfileFirstLogin" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Update profile on first login.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">false</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/useKerberosForPasswordAuthentication"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-usekerberosforpasswordauthentication"><strong>useKerberosForPasswordAuthentication</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/useKerberosForPasswordAuthentication" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Use Kerberos login module for authenticate username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/usePasswordModifyExtendedOp"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-usepasswordmodifyextendedop"><strong>usePasswordModifyExtendedOp</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/usePasswordModifyExtendedOp" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Use the LDAPv3 Password Modify Extended Operation (RFC-3062). The password modify extended operation usually requires that LDAP user already has password in the LDAP server. So when this is used with Sync Registrations, it can be good to add also Hardcoded LDAP attribute mapper with randomly generated initial password.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/usernameLDAPAttribute"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-usernameldapattribute"><strong>usernameLDAPAttribute</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/usernameLDAPAttribute" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be <code class="docutils literal notranslate"><span class="pre">uid</span></code>. For Active directory it can be <code class="docutils literal notranslate"><span class="pre">sAMAccountName</span></code> or <code class="docutils literal notranslate"><span class="pre">cn</span></code>. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/userObjectClasses"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-userobjectclasses"><strong>userObjectClasses</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/userObjectClasses" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>All values of LDAP objectClass attribute for users in LDAP divided by comma. For example <code class="docutils literal notranslate"><span class="pre">inetOrgPerson,</span> <span class="pre">organizationalPerson</span></code>. Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/usersDn"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-usersdn"><strong>usersDn</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/usersDn" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Full DN of LDAP tree where your users are. This DN is the parent of LDAP users.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/useTruststoreSpi"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-usetruststorespi"><strong>useTruststoreSpi</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/useTruststoreSpi" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml. <code class="docutils literal notranslate"><span class="pre">Always</span></code> means that it will always use it. <code class="docutils literal notranslate"><span class="pre">Never</span></code> means that it will not use it. <code class="docutils literal notranslate"><span class="pre">Only</span> <span class="pre">for</span> <span class="pre">ldaps</span></code> means that it will use if your connection URL use ldaps. Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by <code class="docutils literal notranslate"><span class="pre">javax.net.ssl.trustStore</span></code> property will be used.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;always&quot;</span></code></p></li>
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">&quot;ldapsOnly&quot;</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;never&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/uuidLDAPAttribute"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-uuidldapattribute"><strong>uuidLDAPAttribute</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/uuidLDAPAttribute" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Name of LDAP attribute, which is used as unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is <code class="docutils literal notranslate"><span class="pre">entryUUID</span></code>; however some are different. For example for Active directory it should be <code class="docutils literal notranslate"><span class="pre">objectGUID</span></code>. If your LDAP server does not support the notion of UUID, you can use any other attribute that is supposed to be unique among LDAP users in tree.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/validatePasswordPolicy"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-validatepasswordpolicy"><strong>validatePasswordPolicy</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/validatePasswordPolicy" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Determines if Keycloak should validate the password with the realm password policy before updating it.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-config/vendor"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-config-vendor"><strong>vendor</strong></p>
<a class="ansibleOptionLink" href="#parameter-config/vendor" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>LDAP vendor (provider).</p>
<p>Use short name. For instance, write <code class="docutils literal notranslate"><span class="pre">rhds</span></code> for “Red Hat Directory Server”.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-connection_timeout"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-connection-timeout"><strong>connection_timeout</strong></p>
<a class="ansibleOptionLink" href="#parameter-connection_timeout" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
<p><span class="ansible-option-versionadded">added in middleware_automation.keycloak 4.5.0</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Controls the HTTP connections timeout period (in seconds) to Keycloak API.</p>
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">10</span></code></p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-http_agent"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-http-agent"><strong>http_agent</strong></p>
<a class="ansibleOptionLink" href="#parameter-http_agent" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><span class="ansible-option-versionadded">added in middleware_automation.keycloak 5.4.0</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Configures the HTTP User-Agent header.</p>
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;Ansible&quot;</span></code></p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-id"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-id"><strong>id</strong></p>
<a class="ansibleOptionLink" href="#parameter-id" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The unique ID for this user federation. If left empty, the user federation will be searched by its <em>name</em>.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-mappers"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-mappers"><strong>mappers</strong></p>
<a class="ansibleOptionLink" href="#parameter-mappers" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">list</span> / <span class="ansible-option-elements">elements=dictionary</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>A list of dicts defining mappers associated with this Identity Provider.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-mappers/config"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-mappers-config"><strong>config</strong></p>
<a class="ansibleOptionLink" href="#parameter-mappers/config" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Dict specifying the configuration options for the mapper; the contents differ depending on the value of <em>identityProviderMapper</em>.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-mappers/id"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-mappers-id"><strong>id</strong></p>
<a class="ansibleOptionLink" href="#parameter-mappers/id" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Unique ID of this mapper.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-mappers/name"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-mappers-name"><strong>name</strong></p>
<a class="ansibleOptionLink" href="#parameter-mappers/name" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Name of the mapper. If no ID is given, the mapper will be searched by name.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-mappers/parentId"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-mappers-parentid"><strong>parentId</strong></p>
<a class="ansibleOptionLink" href="#parameter-mappers/parentId" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Unique ID for the parent of this mapper. ID of the user federation will automatically be used if left blank.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-mappers/providerId"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-mappers-providerid"><strong>providerId</strong></p>
<a class="ansibleOptionLink" href="#parameter-mappers/providerId" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The mapper type for this mapper (for instance <code class="docutils literal notranslate"><span class="pre">user-attribute-ldap-mapper</span></code>).</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-mappers/providerType"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-mappers-providertype"><strong>providerType</strong></p>
<a class="ansibleOptionLink" href="#parameter-mappers/providerType" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Component type for this mapper.</p>
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;org.keycloak.storage.ldap.mappers.LDAPStorageMapper&quot;</span></code></p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-name"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-name"><strong>name</strong></p>
<a class="ansibleOptionLink" href="#parameter-name" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Display name of provider when linked in admin console.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-parent_id"></div>
<div class="ansibleOptionAnchor" id="parameter-parentId"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-parentid"><span id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-parent-id"></span><strong>parent_id</strong></p>
<a class="ansibleOptionLink" href="#parameter-parent_id" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: parentId</span></p>
<p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Unique ID for the parent of this user federation. Realm ID will be automatically used if left blank.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-provider_id"></div>
<div class="ansibleOptionAnchor" id="parameter-providerId"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-providerid"><span id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-provider-id"></span><strong>provider_id</strong></p>
<a class="ansibleOptionLink" href="#parameter-provider_id" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: providerId</span></p>
<p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Provider for this user federation.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;ldap&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;kerberos&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;sssd&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-provider_type"></div>
<div class="ansibleOptionAnchor" id="parameter-providerType"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-providertype"><span id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-provider-type"></span><strong>provider_type</strong></p>
<a class="ansibleOptionLink" href="#parameter-provider_type" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: providerType</span></p>
<p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Component type for user federation (only supported value is <code class="docutils literal notranslate"><span class="pre">org.keycloak.storage.UserStorageProvider</span></code>).</p>
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;org.keycloak.storage.UserStorageProvider&quot;</span></code></p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-realm"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-realm"><strong>realm</strong></p>
<a class="ansibleOptionLink" href="#parameter-realm" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The Keycloak realm under which this user federation resides.</p>
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;master&quot;</span></code></p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-state"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-state"><strong>state</strong></p>
<a class="ansibleOptionLink" href="#parameter-state" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>State of the user federation.</p>
<p>On <code class="docutils literal notranslate"><span class="pre">present</span></code>, the user federation will be created if it does not yet exist, or updated with the parameters you provide.</p>
<p>On <code class="docutils literal notranslate"><span class="pre">absent</span></code>, the user federation will be removed if it exists.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">&quot;present&quot;</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;absent&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-token"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-token"><strong>token</strong></p>
<a class="ansibleOptionLink" href="#parameter-token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><span class="ansible-option-versionadded">added in middleware_automation.keycloak 3.0.0</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Authentication token for Keycloak API.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-validate_certs"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-parameter-validate-certs"><strong>validate_certs</strong></p>
<a class="ansibleOptionLink" href="#parameter-validate_certs" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Verify TLS certificates (do not disable this in production).</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">false</span></code></p></li>
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">true</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
</ul>
</div></td>
</tr>
</tbody>
</table>
</section>
<section id="attributes">
<h2><a class="toc-backref" href="#id3" role="doc-backlink">Attributes</a><a class="headerlink" href="#attributes" title="Link to this heading"></a></h2>
<table class="ansible-option-table docutils align-default" style="width: 100%">
<thead>
<tr class="row-odd"><th class="head"><p>Attribute</p></th>
<th class="head"><p>Support</p></th>
<th class="head"><p>Description</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="attribute-check_mode"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-attribute-check-mode"><strong>check_mode</strong></p>
<a class="ansibleOptionLink" href="#attribute-check_mode" title="Permalink to this attribute"></a></div></td>
<td><div class="ansible-option-cell"><p><span class="ansible-attribute-support-label">Support: </span><span class="ansible-attribute-support-full">full</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Can run in <code class="docutils literal notranslate"><span class="pre">check_mode</span></code> and return changed status prediction without modifying target.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="attribute-diff_mode"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-attribute-diff-mode"><strong>diff_mode</strong></p>
<a class="ansibleOptionLink" href="#attribute-diff_mode" title="Permalink to this attribute"></a></div></td>
<td><div class="ansible-option-cell"><p><span class="ansible-attribute-support-label">Support: </span><span class="ansible-attribute-support-full">full</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <code class="docutils literal notranslate"><span class="pre">check_mode</span></code>), when in diff mode.</p>
</div></td>
</tr>
</tbody>
</table>
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id4" role="doc-backlink">Examples</a><a class="headerlink" href="#examples" title="Link to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create LDAP user federation</span>
<span class="w"> </span><span class="nt">middleware_automation.keycloak.keycloak_user_federation</span><span class="p">:</span>
<span class="w"> </span><span class="nt">auth_keycloak_url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://keycloak.example.com/auth</span>
<span class="w"> </span><span class="nt">auth_realm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">master</span>
<span class="w"> </span><span class="nt">auth_username</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
<span class="w"> </span><span class="nt">auth_password</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
<span class="w"> </span><span class="nt">realm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-realm</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-ldap</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
<span class="w"> </span><span class="nt">provider_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ldap</span>
<span class="w"> </span><span class="nt">provider_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">org.keycloak.storage.UserStorageProvider</span>
<span class="w"> </span><span class="nt">config</span><span class="p">:</span>
<span class="w"> </span><span class="nt">priority</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">0</span>
<span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">cachePolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DEFAULT</span>
<span class="w"> </span><span class="nt">batchSizeForSync</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1000</span>
<span class="w"> </span><span class="nt">editMode</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">READ_ONLY</span>
<span class="w"> </span><span class="nt">importEnabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">syncRegistrations</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="w"> </span><span class="nt">vendor</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">other</span>
<span class="w"> </span><span class="nt">usernameLDAPAttribute</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">uid</span>
<span class="w"> </span><span class="nt">rdnLDAPAttribute</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">uid</span>
<span class="w"> </span><span class="nt">uuidLDAPAttribute</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">entryUUID</span>
<span class="w"> </span><span class="nt">userObjectClasses</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">inetOrgPerson, organizationalPerson</span>
<span class="w"> </span><span class="nt">connectionUrl</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ldaps://ldap.example.com:636</span>
<span class="w"> </span><span class="nt">usersDn</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ou=Users,dc=example,dc=com</span>
<span class="w"> </span><span class="nt">authType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">simple</span>
<span class="w"> </span><span class="nt">bindDn</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cn=directory reader</span>
<span class="w"> </span><span class="nt">bindCredential</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
<span class="w"> </span><span class="nt">searchScope</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1</span>
<span class="w"> </span><span class="nt">validatePasswordPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="w"> </span><span class="nt">trustEmail</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="w"> </span><span class="nt">useTruststoreSpi</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ldapsOnly</span>
<span class="w"> </span><span class="nt">connectionPooling</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">pagination</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">allowKerberosAuthentication</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="w"> </span><span class="nt">useKerberosForPasswordAuthentication</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="w"> </span><span class="nt">mappers</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;full</span><span class="nv"> </span><span class="s">name&quot;</span>
<span class="w"> </span><span class="nt">providerId</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;full-name-ldap-mapper&quot;</span>
<span class="w"> </span><span class="nt">providerType</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;org.keycloak.storage.ldap.mappers.LDAPStorageMapper&quot;</span>
<span class="w"> </span><span class="nt">config</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ldap.full.name.attribute</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cn</span>
<span class="w"> </span><span class="nt">read.only</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">write.only</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create Kerberos user federation</span>
<span class="w"> </span><span class="nt">middleware_automation.keycloak.keycloak_user_federation</span><span class="p">:</span>
<span class="w"> </span><span class="nt">auth_keycloak_url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://keycloak.example.com/auth</span>
<span class="w"> </span><span class="nt">auth_realm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">master</span>
<span class="w"> </span><span class="nt">auth_username</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
<span class="w"> </span><span class="nt">auth_password</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
<span class="w"> </span><span class="nt">realm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-realm</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-kerberos</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
<span class="w"> </span><span class="nt">provider_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kerberos</span>
<span class="w"> </span><span class="nt">provider_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">org.keycloak.storage.UserStorageProvider</span>
<span class="w"> </span><span class="nt">config</span><span class="p">:</span>
<span class="w"> </span><span class="nt">priority</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">0</span>
<span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">cachePolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DEFAULT</span>
<span class="w"> </span><span class="nt">kerberosRealm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">EXAMPLE.COM</span>
<span class="w"> </span><span class="nt">serverPrincipal</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">HTTP/host.example.com@EXAMPLE.COM</span>
<span class="w"> </span><span class="nt">keyTab</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keytab</span>
<span class="w"> </span><span class="nt">allowPasswordAuthentication</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="w"> </span><span class="nt">updateProfileFirstLogin</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create sssd user federation</span>
<span class="w"> </span><span class="nt">middleware_automation.keycloak.keycloak_user_federation</span><span class="p">:</span>
<span class="w"> </span><span class="nt">auth_keycloak_url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://keycloak.example.com/auth</span>
<span class="w"> </span><span class="nt">auth_realm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">master</span>
<span class="w"> </span><span class="nt">auth_username</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
<span class="w"> </span><span class="nt">auth_password</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
<span class="w"> </span><span class="nt">realm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-realm</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-sssd</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
<span class="w"> </span><span class="nt">provider_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sssd</span>
<span class="w"> </span><span class="nt">provider_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">org.keycloak.storage.UserStorageProvider</span>
<span class="w"> </span><span class="nt">config</span><span class="p">:</span>
<span class="w"> </span><span class="nt">priority</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">0</span>
<span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">cachePolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DEFAULT</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Delete user federation</span>
<span class="w"> </span><span class="nt">middleware_automation.keycloak.keycloak_user_federation</span><span class="p">:</span>
<span class="w"> </span><span class="nt">auth_keycloak_url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://keycloak.example.com/auth</span>
<span class="w"> </span><span class="nt">auth_realm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">master</span>
<span class="w"> </span><span class="nt">auth_username</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
<span class="w"> </span><span class="nt">auth_password</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
<span class="w"> </span><span class="nt">realm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-realm</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-federation</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">absent</span>
</pre></div>
</div>
</section>
<section id="return-values">
<h2><a class="toc-backref" href="#id5" role="doc-backlink">Return Values</a><a class="headerlink" href="#return-values" title="Link to this heading"></a></h2>
<p>Common return values are documented <a class="reference external" href="https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values" title="(in Ansible v8)"><span class="xref std std-ref">here</span></a>, the following are the fields unique to this module:</p>
<table class="ansible-option-table docutils align-default" style="width: 100%">
<thead>
<tr class="row-odd"><th class="head"><p>Key</p></th>
<th class="head"><p>Description</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-end_state"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-return-end-state"><strong>end_state</strong></p>
<a class="ansibleOptionLink" href="#return-end_state" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Representation of user federation after module execution.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> on success</p>
<p class="ansible-option-line ansible-option-sample"><span class="ansible-option-sample-bold">Sample:</span> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">{&quot;config&quot;:</span> <span class="pre">{&quot;allowPasswordAuthentication&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;cachePolicy&quot;:</span> <span class="pre">&quot;DEFAULT&quot;,</span> <span class="pre">&quot;enabled&quot;:</span> <span class="pre">&quot;true&quot;,</span> <span class="pre">&quot;kerberosRealm&quot;:</span> <span class="pre">&quot;EXAMPLE.COM&quot;,</span> <span class="pre">&quot;keyTab&quot;:</span> <span class="pre">&quot;/etc/krb5.keytab&quot;,</span> <span class="pre">&quot;priority&quot;:</span> <span class="pre">&quot;0&quot;,</span> <span class="pre">&quot;serverPrincipal&quot;:</span> <span class="pre">&quot;HTTP/host.example.com&#64;EXAMPLE.COM&quot;,</span> <span class="pre">&quot;updateProfileFirstLogin&quot;:</span> <span class="pre">&quot;false&quot;},</span> <span class="pre">&quot;id&quot;:</span> <span class="pre">&quot;cf52ae4f-4471-4435-a0cf-bb620cadc122&quot;,</span> <span class="pre">&quot;mappers&quot;:</span> <span class="pre">[],</span> <span class="pre">&quot;name&quot;:</span> <span class="pre">&quot;kerberos&quot;,</span> <span class="pre">&quot;parentId&quot;:</span> <span class="pre">&quot;myrealm&quot;,</span> <span class="pre">&quot;providerId&quot;:</span> <span class="pre">&quot;kerberos&quot;,</span> <span class="pre">&quot;providerType&quot;:</span> <span class="pre">&quot;org.keycloak.storage.UserStorageProvider&quot;}</span></code></p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-existing"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-return-existing"><strong>existing</strong></p>
<a class="ansibleOptionLink" href="#return-existing" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Representation of existing user federation.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> always</p>
<p class="ansible-option-line ansible-option-sample"><span class="ansible-option-sample-bold">Sample:</span> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">{&quot;config&quot;:</span> <span class="pre">{&quot;allowKerberosAuthentication&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;authType&quot;:</span> <span class="pre">&quot;simple&quot;,</span> <span class="pre">&quot;batchSizeForSync&quot;:</span> <span class="pre">&quot;1000&quot;,</span> <span class="pre">&quot;bindCredential&quot;:</span> <span class="pre">&quot;**********&quot;,</span> <span class="pre">&quot;bindDn&quot;:</span> <span class="pre">&quot;cn=directory</span> <span class="pre">reader&quot;,</span> <span class="pre">&quot;cachePolicy&quot;:</span> <span class="pre">&quot;DEFAULT&quot;,</span> <span class="pre">&quot;changedSyncPeriod&quot;:</span> <span class="pre">&quot;-1&quot;,</span> <span class="pre">&quot;connectionPooling&quot;:</span> <span class="pre">&quot;true&quot;,</span> <span class="pre">&quot;connectionUrl&quot;:</span> <span class="pre">&quot;ldaps://ldap.example.com:636&quot;,</span> <span class="pre">&quot;debug&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;editMode&quot;:</span> <span class="pre">&quot;READ_ONLY&quot;,</span> <span class="pre">&quot;enabled&quot;:</span> <span class="pre">&quot;true&quot;,</span> <span class="pre">&quot;fullSyncPeriod&quot;:</span> <span class="pre">&quot;-1&quot;,</span> <span class="pre">&quot;importEnabled&quot;:</span> <span class="pre">&quot;true&quot;,</span> <span class="pre">&quot;pagination&quot;:</span> <span class="pre">&quot;true&quot;,</span> <span class="pre">&quot;priority&quot;:</span> <span class="pre">&quot;0&quot;,</span> <span class="pre">&quot;rdnLDAPAttribute&quot;:</span> <span class="pre">&quot;uid&quot;,</span> <span class="pre">&quot;searchScope&quot;:</span> <span class="pre">&quot;1&quot;,</span> <span class="pre">&quot;syncRegistrations&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;trustEmail&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;useKerberosForPasswordAuthentication&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;useTruststoreSpi&quot;:</span> <span class="pre">&quot;ldapsOnly&quot;,</span> <span class="pre">&quot;userObjectClasses&quot;:</span> <span class="pre">&quot;inetOrgPerson,</span> <span class="pre">organizationalPerson&quot;,</span> <span class="pre">&quot;usernameLDAPAttribute&quot;:</span> <span class="pre">&quot;uid&quot;,</span> <span class="pre">&quot;usersDn&quot;:</span> <span class="pre">&quot;ou=Users,dc=example,dc=com&quot;,</span> <span class="pre">&quot;uuidLDAPAttribute&quot;:</span> <span class="pre">&quot;entryUUID&quot;,</span> <span class="pre">&quot;validatePasswordPolicy&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;vendor&quot;:</span> <span class="pre">&quot;other&quot;},</span> <span class="pre">&quot;id&quot;:</span> <span class="pre">&quot;01122837-9047-4ae4-8ca0-6e2e891a765f&quot;,</span> <span class="pre">&quot;mappers&quot;:</span> <span class="pre">[{&quot;config&quot;:</span> <span class="pre">{&quot;always.read.value.from.ldap&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;is.mandatory.in.ldap&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;ldap.attribute&quot;:</span> <span class="pre">&quot;mail&quot;,</span> <span class="pre">&quot;read.only&quot;:</span> <span class="pre">&quot;true&quot;,</span> <span class="pre">&quot;user.model.attribute&quot;:</span> <span class="pre">&quot;email&quot;},</span> <span class="pre">&quot;id&quot;:</span> <span class="pre">&quot;17d60ce2-2d44-4c2c-8b1f-1fba601b9a9f&quot;,</span> <span class="pre">&quot;name&quot;:</span> <span class="pre">&quot;email&quot;,</span> <span class="pre">&quot;parentId&quot;:</span> <span class="pre">&quot;01122837-9047-4ae4-8ca0-6e2e891a765f&quot;,</span> <span class="pre">&quot;providerId&quot;:</span> <span class="pre">&quot;user-attribute-ldap-mapper&quot;,</span> <span class="pre">&quot;providerType&quot;:</span> <span class="pre">&quot;org.keycloak.storage.ldap.mappers.LDAPStorageMapper&quot;}],</span> <span class="pre">&quot;name&quot;:</span> <span class="pre">&quot;myfed&quot;,</span> <span class="pre">&quot;parentId&quot;:</span> <span class="pre">&quot;myrealm&quot;,</span> <span class="pre">&quot;providerId&quot;:</span> <span class="pre">&quot;ldap&quot;,</span> <span class="pre">&quot;providerType&quot;:</span> <span class="pre">&quot;org.keycloak.storage.UserStorageProvider&quot;}</span></code></p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-msg"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-return-msg"><strong>msg</strong></p>
<a class="ansibleOptionLink" href="#return-msg" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Message as to what action was taken.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> always</p>
<p class="ansible-option-line ansible-option-sample"><span class="ansible-option-sample-bold">Sample:</span> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">&quot;No</span> <span class="pre">changes</span> <span class="pre">required</span> <span class="pre">to</span> <span class="pre">user</span> <span class="pre">federation</span> <span class="pre">164bb483-c613-482e-80fe-7f1431308799.&quot;</span></code></p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-proposed"></div><p class="ansible-option-title" id="ansible-collections-middleware-automation-keycloak-keycloak-user-federation-module-return-proposed"><strong>proposed</strong></p>
<a class="ansibleOptionLink" href="#return-proposed" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Representation of proposed user federation.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> always</p>
<p class="ansible-option-line ansible-option-sample"><span class="ansible-option-sample-bold">Sample:</span> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">{&quot;config&quot;:</span> <span class="pre">{&quot;allowKerberosAuthentication&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;authType&quot;:</span> <span class="pre">&quot;simple&quot;,</span> <span class="pre">&quot;batchSizeForSync&quot;:</span> <span class="pre">&quot;1000&quot;,</span> <span class="pre">&quot;bindCredential&quot;:</span> <span class="pre">&quot;**********&quot;,</span> <span class="pre">&quot;bindDn&quot;:</span> <span class="pre">&quot;cn=directory</span> <span class="pre">reader&quot;,</span> <span class="pre">&quot;cachePolicy&quot;:</span> <span class="pre">&quot;DEFAULT&quot;,</span> <span class="pre">&quot;connectionPooling&quot;:</span> <span class="pre">&quot;true&quot;,</span> <span class="pre">&quot;connectionUrl&quot;:</span> <span class="pre">&quot;ldaps://ldap.example.com:636&quot;,</span> <span class="pre">&quot;debug&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;editMode&quot;:</span> <span class="pre">&quot;READ_ONLY&quot;,</span> <span class="pre">&quot;enabled&quot;:</span> <span class="pre">&quot;true&quot;,</span> <span class="pre">&quot;importEnabled&quot;:</span> <span class="pre">&quot;true&quot;,</span> <span class="pre">&quot;pagination&quot;:</span> <span class="pre">&quot;true&quot;,</span> <span class="pre">&quot;priority&quot;:</span> <span class="pre">&quot;0&quot;,</span> <span class="pre">&quot;rdnLDAPAttribute&quot;:</span> <span class="pre">&quot;uid&quot;,</span> <span class="pre">&quot;searchScope&quot;:</span> <span class="pre">&quot;1&quot;,</span> <span class="pre">&quot;syncRegistrations&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;trustEmail&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;useKerberosForPasswordAuthentication&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;useTruststoreSpi&quot;:</span> <span class="pre">&quot;ldapsOnly&quot;,</span> <span class="pre">&quot;userObjectClasses&quot;:</span> <span class="pre">&quot;inetOrgPerson,</span> <span class="pre">organizationalPerson&quot;,</span> <span class="pre">&quot;usernameLDAPAttribute&quot;:</span> <span class="pre">&quot;uid&quot;,</span> <span class="pre">&quot;usersDn&quot;:</span> <span class="pre">&quot;ou=Users,dc=example,dc=com&quot;,</span> <span class="pre">&quot;uuidLDAPAttribute&quot;:</span> <span class="pre">&quot;entryUUID&quot;,</span> <span class="pre">&quot;validatePasswordPolicy&quot;:</span> <span class="pre">&quot;false&quot;,</span> <span class="pre">&quot;vendor&quot;:</span> <span class="pre">&quot;other&quot;},</span> <span class="pre">&quot;name&quot;:</span> <span class="pre">&quot;ldap&quot;,</span> <span class="pre">&quot;providerId&quot;:</span> <span class="pre">&quot;ldap&quot;,</span> <span class="pre">&quot;providerType&quot;:</span> <span class="pre">&quot;org.keycloak.storage.UserStorageProvider&quot;}</span></code></p>
</div></td>
</tr>
</tbody>
</table>
<section id="authors">
<h3>Authors<a class="headerlink" href="#authors" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p>Laurent Paumier (&#64;laurpaum)</p></li>
</ul>
</section>
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="keycloak_role.html" class="btn btn-neutral float-left" title="keycloak_role Allows administration of Keycloak roles via Keycloak API" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="../roles/index.html" class="btn btn-neutral float-right" title="Role Index" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>&#169; Copyright 2023, Red Hat, Inc..</p>
</div>
Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
<a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink