Optimized LDAP. Implemented passwordchange, usernames etc.

2025-07-01 16:45:03 +02:00
parent ff2b402ea7
commit 3ce6e958b4
6 changed files with 99 additions and 15 deletions


@@ -8,12 +8,13 @@
# @see https://en.wikipedia.org/wiki/OpenID_Connect
## Helper Variables:
_oidc_client_realm: "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"
_oidc_client_issuer_url: "{{ web_protocol }}://{{domains | get_domain('keycloak')}}/realms/{{_oidc_client_realm}}"
_oidc_client_realm: "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"
_oidc_client_issuer_url: "{{ web_protocol }}://{{domains | get_domain('keycloak')}}/realms/{{_oidc_client_realm}}"
_oidc_client_id: "{{ oidc.client.id if oidc.client is defined and oidc.client.id is defined else primary_domain }}"
defaults_oidc:
client:
id: "{{primary_domain}}" # Client identifier, typically matching your primary domain
id: "{{ _oidc_client_id }}" # Client identifier, typically matching your primary domain
# secret: # Client secret for authenticating with the OIDC provider (set in the inventory file). Recommend greater then 32 characters
realm: "{{_oidc_client_realm}}" # The realm to which the client belongs in the OIDC provider
issuer_url: "{{_oidc_client_issuer_url}}" # Base URL of the OIDC provider (issuer)
@@ -24,6 +25,7 @@ defaults_oidc:
logout_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout" # Endpoint to log out the user
change_credentials: "{{_oidc_client_issuer_url}}account/account-security/signing-in" # URL for managing or changing user credentials
certs: "{{_oidc_client_issuer_url}}/protocol/openid-connect/certs" # JSON Web Key Set (JWKS)
reset_credentials: "{{_oidc_client_issuer_url}}/login-actions/reset-credentials?client_id={{ _oidc_client_id }}" # Password reset url
button_text: "SSO Login ({{primary_domain | upper}})" # Default button text
attributes:
# Attribut to identify the user
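Review bot: The added `reset_credentials` entry interpolates `_oidc_client_id` directly into a query string, and since that id is taken from the inventory (`oidc.client.id`) a value containing `&`, `=`, `#` or whitespace would change the meaning of the URL rather than just the parameter; percent-encode it with `client_id={{ _oidc_client_id | urlencode }}`. The same consideration applies to the newly introduced `_oidc_client_id` default: it falls back to `primary_domain`, so the fallback is URL-safe, but the override path is not. The adjacent unchanged `change_credentials` line appears to lack the `/` between the issuer URL and `account`, unlike every other URL built from `_oidc_client_issuer_url` in this block — worth checking in the same pass. As a style point, the new lines mix `{{ _oidc_client_id }}` with the file's prevailing `{{_oidc_client_realm}}` spacing; the block would read more consistently with one form.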