computer-playbook/roles/web-app-keycloak/config/main.yml

load_dependencies:    True  # When set to false the dependencies aren't loaded. Helpful for developing
actions:
  import_realm:       True     # Import REALM
features:
  matomo:             true
  css:                true
  desktop:            true
  ldap:               true
  central_database:   true
  recaptcha:          true

  # Doesn't make sense to activate logout page for keycloak, because the logout page 
  # anyhow should be included via iframe in keycloak.
  # The JS is also messing with the keycloak config fields
  # @todo optimize the JS
  logout:             false                             
server:
  csp:
    flags:
      script-src-elem:
        unsafe-inline: true
      script-src:
        unsafe-inline: true
      style-src:
        unsafe-inline: true
    whitelist:
      frame-src:
        - "*" # For frontend channel logout it's necessary that iframes can be loaded
  domains:
    canonical:
      - "auth.{{ PRIMARY_DOMAIN }}"
scopes:
  nextcloud:  nextcloud

docker:
  services:
    keycloak:
      image:    "quay.io/keycloak/keycloak"
      version:  "latest"
      name:     "keycloak"
    database:
      enabled: true

credentials:
  recaptcha:
    website_key:    "" # Required if you enabled recaptcha:
    secret_key:     ""  # Required if you enabled recaptcha: