---
# Converge play: applies the keycloak_quarkus role, then the keycloak_realm
# role, to every host in the inventory. All credentials below are literal
# fixture values (presumably for a Molecule test scenario -- confirm); a real
# deployment should supply them from Ansible Vault or another secret store.
- name: Converge
  hosts: all
  vars:
    keycloak_quarkus_show_deprecation_warnings: false

    # Bootstrap admin account. User and password are the same placeholder
    # string and are reused further down as the keycloak_realm role's admin
    # login.
    keycloak_quarkus_bootstrap_admin_password: 'remembertochangeme'
    keycloak_quarkus_bootstrap_admin_user: 'remembertochangeme'
    keycloak_realm: TestRealm
    keycloak_quarkus_hostname: 'https://instance:8443'

    # File logging at debug level under /tmp/keycloak.
    # NOTE(review): debug output can be far more verbose than a production
    # log should be; keep this level scoped to the test scenario.
    keycloak_quarkus_log: file
    keycloak_quarkus_log_level: debug  # needed for the verify step
    keycloak_quarkus_log_target: /tmp/keycloak

    # TLS material: the private key is read from key.pem through the file
    # lookup and passed as content; the certificate is copied from cert.pem.
    keycloak_quarkus_https_key_file_enabled: true
    keycloak_quarkus_key_file_copy_enabled: true
    keycloak_quarkus_key_content: "{{ lookup('file', 'key.pem') }}"
    keycloak_quarkus_cert_file_copy_enabled: true
    keycloak_quarkus_cert_file_src: cert.pem

    # Keystore-backed vault. The keystore password is a plaintext fixture.
    keycloak_quarkus_ks_vault_enabled: true
    keycloak_quarkus_ks_vault_file: '/opt/keycloak/vault/keystore.p12'
    keycloak_quarkus_ks_vault_pass: keystorepassword

    # Service start-up waits.
    keycloak_quarkus_systemd_wait_for_port: true
    keycloak_quarkus_systemd_wait_for_timeout: 20
    keycloak_quarkus_systemd_wait_for_delay: 2
    keycloak_quarkus_systemd_wait_for_log: true
    keycloak_quarkus_restart_health_check: false  # would fail because of self-signed cert

    keycloak_quarkus_version: '26.2.4'
    keycloak_quarkus_java_heap_opts: '-Xms1024m -Xmx1024m'

    # The kerberos feature is disabled here, while the
    # keycloak-kerberos-federation provider is still installed from Maven
    # further down.
    keycloak_quarkus_additional_env_vars:
      - key: KC_FEATURES_DISABLED
        value: 'impersonation,kerberos'

    keycloak_quarkus_providers:
      - id: http-client
        spi: connections
        default: true
        restart: true
        properties:
          - key: default-connection-pool-size
            value: 10
      # Same JAR as the next entry but with no checksum, so nothing in this
      # entry verifies the downloaded artifact.
      # NOTE(review): presumably kept to exercise the role's no-checksum
      # download path; prefer the checksummed form outside tests.
      - id: spid-saml
        url: 'https://github.com/italia/spid-keycloak-provider/releases/download/24.0.2/spid-provider.jar'
      # Integrity-pinned variant: the download is tied to a sha256 digest.
      - id: spid-saml-w-checksum
        url: 'https://github.com/italia/spid-keycloak-provider/releases/download/24.0.2/spid-provider.jar'
        checksum: 'sha256:fbb50e73739d7a6d35b5bff611b1c01668b29adf6f6259624b95e466a305f377'
      # Provider resolved by Maven coordinates. The reference link below
      # names 24.0.4, while the pinned version is 26.2.4.
      # https://mvnrepository.com/artifact/org.keycloak/keycloak-kerberos-federation/24.0.4
      - id: keycloak-kerberos-federation
        maven:
          repository_url: 'https://repo1.maven.org/maven2/'
          group_id: org.keycloak
          artifact_id: keycloak-kerberos-federation
          version: '26.2.4'  # optional
        #   username: myUser  # optional
        #   password: myPAT  # optional
      # - id: my-static-theme
      #   local_path: /tmp/my-static-theme.jar

    # Password-blacklist files. Both URLs point at the mutable master branch
    # and carry no checksum here, so the content can change between runs;
    # pin to a commit-specific URL where reproducibility or integrity
    # matters. Only the second entry sets an explicit type.
    keycloak_quarkus_policies:
      - name: 'cain-and-abel.txt'
        url: 'https://github.com/danielmiessler/SecLists/raw/master/Passwords/Software/cain-and-abel.txt'
      - name: 'john-the-ripper.txt'
        url: 'https://github.com/danielmiessler/SecLists/raw/master/Passwords/Software/john-the-ripper.txt'
        type: password-blacklists

  roles:
    - role: keycloak_quarkus

    # Realm, client and user provisioning against the server configured above.
    # NOTE(review): keycloak_url is plain HTTP on port 8080 while the server
    # hostname is HTTPS on 8443, so the admin login below presumably crosses
    # the wire unencrypted -- acceptable for a local test instance only.
    - role: keycloak_realm
      keycloak_url: 'http://instance:8080'
      keycloak_context: ''
      keycloak_admin_user: "{{ keycloak_quarkus_bootstrap_admin_user }}"
      keycloak_admin_password: "{{ keycloak_quarkus_bootstrap_admin_password }}"
      keycloak_client_default_roles:
        - TestRoleAdmin
        - TestRoleUser
      # Fixture users with the literal password 'password'.
      keycloak_client_users:
        - username: TestUser
          password: password
          client_roles:
            - client: TestClient
              role: TestRoleUser
              realm: "{{ keycloak_realm }}"
        - username: TestAdmin
          password: password
          client_roles:
            - client: TestClient
              role: TestRoleUser
              realm: "{{ keycloak_realm }}"
            - client: TestClient
              role: TestRoleAdmin
              realm: "{{ keycloak_realm }}"
      # Repeats the play-level keycloak_realm value as a role parameter.
      keycloak_realm: TestRealm
      # keycloak_client_public and keycloak_client_web_origins are not set in
      # this file; presumably they come from the role's defaults -- confirm.
      keycloak_clients:
        - name: TestClient
          roles: "{{ keycloak_client_default_roles }}"
          realm: "{{ keycloak_realm }}"
          public_client: "{{ keycloak_client_public }}"
          web_origins: "{{ keycloak_client_web_origins }}"
          users: "{{ keycloak_client_users }}"
          client_id: TestClient