mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-21 11:15:06 +02:00
Kevin Veen-Birkenbach
d1cd87c843
- Fixed incorrect handling of RBAC group configuration (moved from OIDC claims into dedicated RBAC variable set).
- Unified RBAC group usage across applications (LAM, pgAdmin, phpLDAPadmin, phpMyAdmin, YOURLS).
- Replaced old 'KEYCLOAK_OIDC_RBAC_SCOPE_NAME' with dedicated 'KEYCLOAK_RBAC_GROUP_*' variables.
- Updated OAuth2 Proxy configuration to use 'RBAC.GROUP.CLAIM'.
- Refactored Keycloak role task structure:
* Renamed and reorganized task files for clarity ('_update.yml', '02_cleanup.yml', etc.).
* Introduced meta and dependency handling separation.
- Cleaned up Keycloak config defaults and recaptcha placeholders.
29 lines
792 B
Django/Jinja
29 lines
792 B
Django/Jinja
{
|
|
"name": "{{ KEYCLOAK_RBAC_GROUP_CLAIME }}",
|
|
"description": "RBAC Groups",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "true",
|
|
"gui.order": "",
|
|
"consent.screen.text": ""
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "groups",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-group-membership-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"full.path": "true",
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"multivalued": "true",
|
|
"id.token.claim": "true",
|
|
"lightweight.claim": "false",
|
|
"access.token.claim": "true",
|
|
"claim.name": "{{ KEYCLOAK_RBAC_GROUP_CLAIME }}"
|
|
}
|
|
}
|
|
]
|
|
} |