Kevin Veen-Birkenbach e497c001d6
keycloak: robust LDAP bind and connectionUrl update via kcadm (argv + JSON); strict ldap.*; idempotent
Switch to command:argv to avoid shell quoting and argument splitting issues.

Pass -s config values as JSON arrays via to_json, fixing previous errors: Cannot parse the JSON / failed at splitting arguments.

Also reconcile config.connectionUrl from ldap.server.uri.

Source desired values strictly from ldap.* (no computed defaults) and assert their presence.

Keep operation idempotent by reading current values and updating only on change.

Minor refactor: build reusable kcadm_argv_base and expand client state extraction.

Touch: roles/web-app-keycloak/tasks/03_update-ldap-bind.yml

https://chatgpt.com/share/689bea84-7188-800f-ba51-830a0735f24c
2025-08-13 03:30:14 +02:00
..
2025-08-13 00:33:47 +02:00
2025-07-09 02:26:50 +02:00
2025-08-13 00:33:47 +02:00
2025-07-15 17:10:32 +02:00

Keycloak

Description

Step into a secure future with Keycloak! This opensource identity and access management solution offers powerful single sign-on (SSO), multi-factor authentication, and user federation capabilities. With support for industry standards such as SAML and OpenID Connect, Keycloak helps you protect and streamline access to your applications.

Overview

This role deploys Keycloak in a Docker environment, integrating it with a PostgreSQL database and enabling operation behind a reverse proxy such as NGINX. It manages container orchestration and configuration via Docker Compose and environment variable templates, ensuring a secure and scalable identity management solution.

Features

  • Comprehensive Identity Management: Manage users, roles, and permissions across your applications with robust SSO and user federation.
  • Advanced Security Options: Benefit from multi-factor authentication, configurable password policies, and secure session management.
  • Standards Support: Seamlessly integrate with SAML, OpenID Connect, and OAuth2 to support various authentication flows.
  • Scalable and Customizable: Easily tailor settings and scale your Keycloak instance to meet growing demands.

Further Resources

Credits

Developed and maintained by Kevin Veen-Birkenbach.
Learn more at veen.world.

Part of the Infinito.Nexus Project
Licensed under Infinito.Nexus NonCommercial License (CNCL).