20c8d46f54
Keycloak import templates cleanup
...
- Removed all static 'id' fields from realm.json.j2, ldap.json.j2, and client.json.j2
- Replaced 'desktop-secret' with correct 'client-secret' authenticator type
- Standardized Jinja filters to use 'to_json' consistently
- Corrected defaultClientScopes entry from 'web-app-origins' to built-in 'web-origins'
- Verified LDAP mapper definitions and optional realm role mapping
- Ensured realm.json.j2 contains only required scopes
References: Chat with ChatGPT (2025-08-17)
https://chatgpt.com/share/68a1aaae-1b04-800f-aa8d-8a0ef6d33cba
2025-08-17 12:11:14 +02:00
a524c52f89
Created own ldap.json.j2 for better readability in keycloak
2025-08-17 11:49:50 +02:00
bfe18dd83c
Refactor Keycloak role:
...
- Replace KEYCLOAK_KCADM_PATH with KEYCLOAK_EXEC_KCADM consistently
- Externalize client.json to separate Jinja2 template and include it in realm.json
- Simplify LDAP bind update to use explicit KEYCLOAK_LDAP_* vars
- Add async/poll support for long-running kcadm updates
- Restructure vars/main.yml: clearer grouping (General, Docker, Server, Update, LDAP, API)
- Compute redirectUris/webOrigins centrally in vars
- Align post.logout.redirect.uris handling with playbook
Conversation: https://chatgpt.com/share/68a1a11f-f8ac-800f-bada-cdc99a4fa1bf
2025-08-17 11:30:33 +02:00
0a83f3159a
Updated keycloak variables
2025-08-17 10:47:40 +02:00
fb7b3a3c8e
Added setting of frontchannel.logout.url for keycloak
2025-08-17 10:38:25 +02:00
0de26fa6c7
Solved bug existed due to difference between mailu domain and hostname difference. also refactored during this to find the bug
2025-08-16 14:29:07 +02:00
3ac9bd9f90
Optimized variable typos
2025-08-15 18:43:42 +02:00
022800425d
THE HUGE REFACTORING CALENDER WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs
2025-08-15 15:15:48 +02:00
0228014d34
Replaced .infinito.service and .infinito.timer by SOFTWARE_NAME suffix, optimized LICENSE link and update OIDC Realm and ID conf
2025-08-14 14:39:18 +02:00
db0e030900
Renamed general and mode constants and implemented a check to verify that constants are just defined ones over the whole repository
2025-08-13 19:11:14 +02:00
4fa1c6cfbd
ansible: quote file modes; keycloak: robust LDAP bind update + config cleanup
...
Highlights
- Quote all file modes as strings ("0755"/"0770") across multiple roles to avoid YAML octal quirks and improve portability.
- Keycloak: introduce actions.{import_realm,update_ldap_bind} feature flags and wire them via vars/config.
- Implement idempotent LDAP bind updater (tasks/03_update-ldap-bind.yml):
* kcadm login with no_log protection,
* fetch LDAP UserStorage component by name,
* compare current bindDn/bindCredential and update only when changed.
- Keycloak realm import template: keep providerId="ldap" and set name from keycloak_ldap_component_name.
- Centralize Keycloak readiness check in tasks/main.yml; remove duplicate waits from 02_update_client_redirects.yml and 04_ssh_public_key.yml.
- 01_import.yml: fix typo (keycloak), quote modes, tidy spacing, and replace Jinja-in-Jinja fileglob with concatenation.
- 02_update_client_redirects.yml: correct assert fail_msg filename; keep login-first flow.
- Minor template/vars tidy-ups (spacing, comments, consistent variable usage).
Files touched (excerpt)
- roles/*/*: replace 0755/0770 → "0755"/"0770"
- roles/web-app-keycloak/config/main.yml: add actions map
- roles/web-app-keycloak/vars/main.yml: unify Keycloak vars and feature flags
- roles/web-app-keycloak/tasks/{01_import,02_update_client_redirects,03_update-ldap-bind,04_ssh_public_key,main}.yml
- roles/web-app-keycloak/templates/{docker-compose.yml.j2,import/realm.json.j2}
https://chatgpt.com/share/689bda16-b138-800f-8258-e13f6d7d8239
2025-08-13 02:20:38 +02:00
6e8ae793e3
Added auto setting for redirect urls for keycloak clients. Element and Synapse still need to be mapped
2025-08-11 00:17:18 +02:00
7f53cc3a12
Replaced web_protocol by WEB_PROTOCOL
2025-08-07 12:31:20 +02:00
a04a1710d3
Changed keycloak application id
2025-07-17 07:16:38 +02:00
632ad14bd8
Solved application id bug in keycloak
2025-07-13 23:12:13 +02:00
ad60f5fb37
Rmeoved is_feature_enabled function
2025-07-13 17:54:09 +02:00
a98332bfb9
Semi bsr replace part two
2025-07-13 15:35:55 +02:00
756597668c
Semi bsr for applications[] to prevent heavy to debug bugs in j2 - part 1
2025-07-13 15:11:38 +02:00
563d5fd528
Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation
2025-07-08 23:43:13 +02:00
