community.general.keycloak_authentication – Configure authentication in Keycloak

Note

This plugin is part of the community.general collection (version 3.8.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.keycloak_authentication.

New in version 3.3.0: of community.general

Synopsis

This module actually can only make a copy of an existing authentication flow, add an execution to it and configure it.
It can also delete the flow.

Parameters

Parameter		Choices/Defaults	Comments
alias string / required			Alias for the authentication flow.
auth_client_id string		Default: "admin-cli"	OpenID Connect client_id to authenticate to the API with.
auth_client_secret string			Client Secret to use in conjunction with auth_client_id (if required).
auth_keycloak_url string / required			URL to the Keycloak instance. aliases: url
auth_password string			Password to authenticate for API access with. aliases: password
auth_realm string			Keycloak realm name to authenticate to for API access.
auth_username string			Username to authenticate for API access with. aliases: username
authenticationExecutions list / elements=dictionary			Configuration structure for the executions.
	authenticationConfig dictionary		Describe the config of the authentication.
	displayName string		Name of the execution or subflow to create or update.
	flowAlias string		Alias of parent flow.
	index integer		Priority order of the execution.
	providerId string		`providerID` for the new flow when not copied from an existing flow.
	requirement string	Choices: REQUIRED ALTERNATIVE DISABLED CONDITIONAL	Control status of the subflow or execution.
copyFrom string			`flowAlias` of the authentication flow to use for the copy.
description string			Description of the flow.
force boolean		Choices: no ← yes	If `true`, allows to remove the authentication flow and recreate it.
providerId string			`providerId` for the new flow when not copied from an existing flow.
realm string / required			The name of the realm in which is the authentication.
state string		Choices: present ← absent	Control if the authentication flow must exists or not.
token string added in 3.0.0 of community.general			Authentication token for Keycloak API.
validate_certs boolean		Choices: no yes ←	Verify TLS certificates (do not disable this in production).

Examples

- name: Create an authentication flow from first broker login and add an execution to it.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-execution1"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.execution1.property"
          config:
            test1.property: "value"
      - providerId: "test-execution2"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.execution2.property"
          config:
            test2.property: "value"
    state: present

- name: Re-create the authentication flow
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-provisioning"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.provisioning.property"
          config:
            test.provisioning.property: "value"
    state: present
    force: true

- name: Create an authentication flow with subflow containing an execution.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-execution1"
        requirement: "REQUIRED"
      - displayName: "New Subflow"
        requirement: "REQUIRED"
      - providerId: "auth-cookie"
        requirement: "REQUIRED"
        flowAlias: "New Sublow"
    state: present

- name: Remove authentication.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
flow dictionary	on success	JSON representation for the authentication.

Authors

Philippe Gauthier (@elfelip)
Gaëtan Daubresse (@Gaetan2907)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/keycloak_authentication_module.html

Docs

Docs4dev

Title here