kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-06 02:11:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactored LDAP and Keycloak implementation and added RBAC based groups to Keycloak

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-04 16:16:45 +02:00
parent ee0561db72
commit 06b864ad52
17 changed files with 206 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
View File

@@ -11,13 +11,14 @@ client_id = "{{ oidc.client.id }}"
redirect_url = "{{ web_protocol }}://{{ domains | get_domain(oauth2_proxy_application_id) }}/oauth2/callback"
oidc_issuer_url = "{{ oidc.client.issuer_url }}"
provider = "oidc"
provider_display_name = "Keycloak"
provider_display_name = "{{ oidc.button_text }}"
{% if applications[oauth2_proxy_application_id].oauth2_proxy.allowed_groups is defined %}
{# role based restrictions #}
scope = "openid email profile groups"
oidc_groups_claim = "realm_access.roles"
scope = "openid email profile {{ oidc.claims.groups }}"
oidc_groups_claim = "{{ oidc.claims.groups }}"
allowed_groups = {{ applications[oauth2_proxy_application_id].oauth2_proxy.allowed_groups | tojson }}
email_domains = ["*"]
{% else %}
email_domains = "{{ primary_domain }}"
{% endif %}