computer-playbook/group_vars/all/11_iam.yml

#############################################
### Identity and Access Management (IAM)  ###
#############################################

#############################################
### OIDC                                  ###
#############################################
# @see https://en.wikipedia.org/wiki/OpenID_Connect

## Private configuration variables:
_oidc_client_realm:       "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"
_oidc_client_issuer_url:  "https://{{domains.keycloak}}/realms/{{_oidc_client_realm}}"

defaults_oidc:
  enabled:               true
  client:
    id:                   "{{primary_domain}}"
#   secret:               # Define in inventory file
    realm:                "{{_oidc_client_realm}}"
    issuer_url:           "{{_oidc_client_issuer_url}}"
    discovery_document:   "{{_oidc_client_issuer_url}}/.well-known/openid-configuration"
    authorize_url:        "{{_oidc_client_issuer_url}}/protocol/openid-connect/auth"
    toke_url:             "{{_oidc_client_issuer_url}}/protocol/openid-connect/token"
    user_info_url:        "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo"
    logout_url:           "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout"
    change_credentials:   "{{_oidc_client_issuer_url}}account/account-security/signing-in"

#############################################
### OAuth2-Proxy                          ###
#############################################
# The name of the application which the server redirects to. Needs to be defined in role vars.
oauth2_proxy_upstream_application_and_port:  "application:80"
oauth2_proxy_active:                         false   

#############################################
### LDAP                                  ###
#############################################


# Activate local LDAP network for communitation on localhot between different docker containers
# 
# Set in vars/main.yml via:
#   ldap_network_enabled: "{{ldap.enabled}}"
#
# This leads to that the local ldap networks get enabled, if LDAP is enabled
ldap_network_enabled:                  false

ldap:
  enabled:  true # Enable or disable LDAP
Implemented OIDC for mailu 2025-02-06 15:02:18 +01:00			`#############################################`
			`### Identity and Access Management (IAM) ###`
			`#############################################`

			`#############################################`
			`### OIDC ###`
			`#############################################`
			`# @see https://en.wikipedia.org/wiki/OpenID_Connect`

			`## Private configuration variables:`
			`_oidc_client_realm: "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"`
			`_oidc_client_issuer_url: "https://{{domains.keycloak}}/realms/{{_oidc_client_realm}}"`

			`defaults_oidc:`
			`enabled: true`
			`client:`
			`id: "{{primary_domain}}"`
			`# secret: # Define in inventory file`
			`realm: "{{_oidc_client_realm}}"`
			`issuer_url: "{{_oidc_client_issuer_url}}"`
			`discovery_document: "{{_oidc_client_issuer_url}}/.well-known/openid-configuration"`
			`authorize_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/auth"`
			`toke_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/token"`
			`user_info_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo"`
			`logout_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout"`
implemented password redirect url for mailu 2025-02-06 16:01:12 +01:00			`change_credentials: "{{_oidc_client_issuer_url}}account/account-security/signing-in"`
Implemented OIDC for mailu 2025-02-06 15:02:18 +01:00
			`#############################################`
			`### OAuth2-Proxy ###`
			`#############################################`
			`# The name of the application which the server redirects to. Needs to be defined in role vars.`
			`oauth2_proxy_upstream_application_and_port: "application:80"`
			`oauth2_proxy_active: false`

			`#############################################`
			`### LDAP ###`
			`#############################################`
In between re-draft for nextcloud 2025-02-10 22:42:08 +01:00

			`# Activate local LDAP network for communitation on localhot between different docker containers`
			`#`
			`# Set in vars/main.yml via:`
			`# ldap_network_enabled: "{{ldap.enabled}}"`
			`#`
			`# This leads to that the local ldap networks get enabled, if LDAP is enabled`
Implemented OIDC for mailu 2025-02-06 15:02:18 +01:00			`ldap_network_enabled: false`
In between re-draft for nextcloud 2025-02-10 22:42:08 +01:00
			`ldap:`
			`enabled: true # Enable or disable LDAP`