mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-02-23 12:51:54 +01:00
40 lines
2.0 KiB
YAML
40 lines
2.0 KiB
YAML
#############################################
|
|
### Identity and Access Management (IAM) ###
|
|
#############################################
|
|
|
|
#############################################
|
|
### OIDC ###
|
|
#############################################
|
|
# @see https://en.wikipedia.org/wiki/OpenID_Connect
|
|
|
|
## Private configuration variables:
|
|
_oidc_client_realm: "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"
|
|
_oidc_client_issuer_url: "https://{{domains.keycloak}}/realms/{{_oidc_client_realm}}"
|
|
|
|
defaults_oidc:
|
|
enabled: true
|
|
client:
|
|
id: "{{primary_domain}}"
|
|
# secret: # Define in inventory file
|
|
realm: "{{_oidc_client_realm}}"
|
|
issuer_url: "{{_oidc_client_issuer_url}}"
|
|
discovery_document: "{{_oidc_client_issuer_url}}/.well-known/openid-configuration"
|
|
authorize_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/auth"
|
|
toke_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/token"
|
|
user_info_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo"
|
|
logout_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout"
|
|
change_credentials: "{{_oidc_client_issuer_url}}account/account-security/signing-in"
|
|
|
|
#############################################
|
|
### OAuth2-Proxy ###
|
|
#############################################
|
|
# The name of the application which the server redirects to. Needs to be defined in role vars.
|
|
oauth2_proxy_upstream_application_and_port: "application:80"
|
|
oauth2_proxy_active: false
|
|
|
|
#############################################
|
|
### LDAP ###
|
|
#############################################
|
|
# Activate LDAP network for insecure communitation on localhot between different container instances. Set in vars/main.yml
|
|
ldap_network_enabled: false
|