actions:
  import_realm:       True     # Import REALM
  update_ldap_bind:   True     # Updates LDAP binds
features:
  matomo:             true
  css:                true
  port-ui-desktop:    true
  ldap:               true
  central_database:   true
  recaptcha:          true

  # Doesn't make sense to activate logout page for keycloak, because the logout page 
  # anyhow should be included via iframe in keycloak.
  # The JS is also messing with the keycloak config fields
  # @todo optimize the JS
  logout:             false                             
server:
  csp:
    flags:
      script-src-elem:
        unsafe-inline: true
      script-src:
        unsafe-inline: true
      style-src:
        unsafe-inline: true
    whitelist:
      frame-src:
        - "*" # For frontend channel logout it's necessary that iframes can be loaded
  domains:
    canonical:
      - "auth.{{ PRIMARY_DOMAIN }}"
scopes:
  rbac_roles: rbac_roles
  nextcloud:  nextcloud

rbac_groups:  "/rbac"
docker:
  services:
    keycloak:
      image:    "quay.io/keycloak/keycloak"
      version:  "latest"
      name:     "keycloak"
    database:
      enabled: true

credentials:
  recaptcha:
    website_key:    "YOUR_RECAPTCHA_WEBSITE_KEY" # Required if you enabled recaptcha:
    secret_key:     "YOUR_RECAPTCHA_SECRET_KEY" # Required if you enabled recaptcha: