#############################################
### Identity and Access Management (IAM)  ###
#############################################

#############################################
### OIDC                                  ###
#############################################
# @see https://en.wikipedia.org/wiki/OpenID_Connect

## Private configuration variables:
_oidc_client_realm:       "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"
_oidc_client_issuer_url:  "https://{{domains.keycloak}}/realms/{{_oidc_client_realm}}"

defaults_oidc:
  enabled:               true
  client:
    id:                   "{{primary_domain}}"
#   secret:               # Define in inventory file
    realm:                "{{_oidc_client_realm}}"
    issuer_url:           "{{_oidc_client_issuer_url}}"
    discovery_document:   "{{_oidc_client_issuer_url}}/.well-known/openid-configuration"
    authorize_url:        "{{_oidc_client_issuer_url}}/protocol/openid-connect/auth"
    toke_url:             "{{_oidc_client_issuer_url}}/protocol/openid-connect/token"
    user_info_url:        "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo"
    logout_url:           "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout"
    change_credentials:   "{{_oidc_client_issuer_url}}account/account-security/signing-in"

#############################################
### OAuth2-Proxy                          ###
#############################################
# The name of the application which the server redirects to. Needs to be defined in role vars.
oauth2_proxy_upstream_application_and_port:  "application:80"
oauth2_proxy_active:                         false   

#############################################
### LDAP                                  ###
#############################################
# Activate LDAP network for insecure communitation on localhot between different container instances. Set in vars/main.yml
ldap_network_enabled:                  false