Kevin Veen-Birkenbach
4fa1c6cfbd
Highlights
- Quote all file modes as strings ("0755"/"0770") across multiple roles to avoid YAML octal quirks and improve portability.
- Keycloak: introduce actions.{import_realm,update_ldap_bind} feature flags and wire them via vars/config.
- Implement idempotent LDAP bind updater (tasks/03_update-ldap-bind.yml):
* kcadm login with no_log protection,
* fetch LDAP UserStorage component by name,
* compare current bindDn/bindCredential and update only when changed.
- Keycloak realm import template: keep providerId="ldap" and set name from keycloak_ldap_component_name.
- Centralize Keycloak readiness check in tasks/main.yml; remove duplicate waits from 02_update_client_redirects.yml and 04_ssh_public_key.yml.
- 01_import.yml: fix typo (keycloak), quote modes, tidy spacing, and replace Jinja-in-Jinja fileglob with concatenation.
- 02_update_client_redirects.yml: correct assert fail_msg filename; keep login-first flow.
- Minor template/vars tidy-ups (spacing, comments, consistent variable usage).
Files touched (excerpt)
- roles/*/*: replace 0755/0770 → "0755"/"0770"
- roles/web-app-keycloak/config/main.yml: add actions map
- roles/web-app-keycloak/vars/main.yml: unify Keycloak vars and feature flags
- roles/web-app-keycloak/tasks/{01_import,02_update_client_redirects,03_update-ldap-bind,04_ssh_public_key,main}.yml
- roles/web-app-keycloak/templates/{docker-compose.yml.j2,import/realm.json.j2}
https://chatgpt.com/share/689bda16-b138-800f-8258-e13f6d7d8239
Keycloak
Description
Step into a secure future with Keycloak! This open‐source identity and access management solution offers powerful single sign-on (SSO), multi-factor authentication, and user federation capabilities. With support for industry standards such as SAML and OpenID Connect, Keycloak helps you protect and streamline access to your applications.
Overview
This role deploys Keycloak in a Docker environment, integrating it with a PostgreSQL database and enabling operation behind a reverse proxy such as NGINX. It manages container orchestration and configuration via Docker Compose and environment variable templates, ensuring a secure and scalable identity management solution.
Features
- Comprehensive Identity Management: Manage users, roles, and permissions across your applications with robust SSO and user federation.
- Advanced Security Options: Benefit from multi-factor authentication, configurable password policies, and secure session management.
- Standards Support: Seamlessly integrate with SAML, OpenID Connect, and OAuth2 to support various authentication flows.
- Scalable and Customizable: Easily tailor settings and scale your Keycloak instance to meet growing demands.
Further Resources
- Keycloak Official Website
- Official Keycloak Documentation
- Keycloak GitHub Repository
- Setting up Keycloak behind a Reverse Proxy
- Wikipedia
- Youtube Tutorial
Credits
Developed and maintained by Kevin Veen-Birkenbach.
Learn more at veen.world.
Part of the Infinito.Nexus Project
Licensed under Infinito.Nexus NonCommercial License (CNCL).