Added auto oidc parameters to discourse

2025-08-29 15:06:26 +02:00 · 2025-01-27 11:51:14 +01:00
parent c896057400
commit 69a98c4c24
4 changed files with 30 additions and 17 deletions
--- a/group_vars/all
+++ b/group_vars/all
@@ -217,10 +217,10 @@ akaunting_company_email:      "{{administrator_email}}"
 akaunting_setup_admin_email:  "{{administrator_email}}"

 #### Attendize 
-attendize_version:              "latest"
+attendize_version:                "latest"

 #### Baserow 
-baserow_version:                "latest"
+baserow_version:                  "latest"

 #### Big Blue Button
 bigbluebutton_enable_greenlight:  "true"
@@ -244,7 +244,14 @@ joomla_version:                   "latest"
 #### Keycloak
 keycloak_version:                 "latest"
 keycloak_administrator_username:  "{{administrator_username}}"  # Administrator Username for Keycloak
-keycloak_oidc_active:             true                          # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
+
+##### Keycloak Client Configuration
+oidc_client_active:               true  # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
+oidc_client_id:                   "{{primary_domain}}"
+oidc_client_realm:                "{{primary_domain}}"   
+oidc_client_issuer_url:           "https://{{domain_keycloak}}/realms/{{oidc_client_realm}}"
+oidc_client_discovery_document:   "{{oidc_client_issuer_url}}/.well-known/openid-configuration"
+# oidc_client_secret:             "{{oidc_client_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible

 #### LDAP
 ldap_lam_version:                     "latest"
@@ -304,17 +311,14 @@ oauth2_proxy_redirect_url:                    "https://{{domain_keycloak}}/auth/
 # oauth2_proxy_port:                          >= 4180                                   # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy.
 oauth2_proxy_upstream_application_and_port:   "application:80"                          # The name of the application which the server redirects to. Needs to be defined in role vars.
 oauth2_proxy_allowed_roles:                   admin                                     # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
-oauth2_proxy_client_id:                       "{{primary_domain}}"                      # The id of the client application
-oauth2_proxy_client_secret:                   "{{primary_oauth2_proxy_client_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
-oauth2_proxy_cookie_secret:                   "{{primary_oauth2_proxy_cookie_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
-oauth2_proxy_oidc_issuer_url:                 "https://{{domain_keycloak}}/realms/{{primary_domain}}"
+#oauth2_proxy_cookie_secret:                  "{{oauth2_proxy_cookie_secret}}"          # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16

 #### Peertube
-peertube_version:                         "bookworm"
+peertube_version:           "bookworm"

 #### PHPMyAdmin
-phpmyadmin_version:                       "latest"
-phpmyadmin_autologin:                     false     # This is a high security risk. Just activate this option if you know what you're doing
+phpmyadmin_version:         "latest"
+phpmyadmin_autologin:       false     # This is a high security risk. Just activate this option if you know what you're doing

 #### Pixelfed
 pixelfed_app_name:          "Pictures on {{primary_domain}}"