
---
- name: Check if Keycloak is already installed
  # The admin CLI script doubles as the "already installed" marker: every
  # install task below is gated on keycloak_installed.stat.exists.
  ansible.builtin.stat:
    path: /opt/keycloak/bin/kcadm.sh
  register: keycloak_installed
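- name: Download Keycloak if not already present
  # Fetches the release tarball from GitHub and unpacks it directly under /opt/
  # on the target host. remote_src is written as a real boolean: `yes` is a
  # YAML 1.1 truthy value that yamllint flags and some parsers read as a string.
  # NOTE(review): the archive is not integrity-checked (unarchive has no
  # checksum option). If supply-chain verification is wanted, download with
  # get_url and its `checksum:` parameter pinned to a known digest for
  # {{ keycloak_version }}, then unarchive the local copy.
  ansible.builtin.unarchive:
    src: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.tar.gz"
    dest: /opt/
    remote_src: true
  when: not keycloak_installed.stat.exists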
- name: Rename keycloak directory
  # The tarball unpacks to a versioned directory, while the rest of the role
  # expects the fixed /opt/keycloak path. `creates` turns the mv into a no-op
  # once the target exists, so re-running a partially completed install is safe.
  ansible.builtin.command:
    cmd: mv /opt/keycloak-{{ keycloak_version }} /opt/keycloak
    creates: /opt/keycloak/bin/kcadm.sh
  when: not keycloak_installed.stat.exists
- name: Set executable permissions on kcadm.sh
  # Only applied on a fresh install; an existing install is assumed to already
  # carry the correct mode. The mode stays a quoted string so YAML does not
  # interpret 0755 as an octal integer.
  ansible.builtin.file:
    path: /opt/keycloak/bin/kcadm.sh
    mode: '0755'
  when: not keycloak_installed.stat.exists
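- name: Log in to Keycloak Admin CLI
  # Establishes the admin session used by every kcadm call below. The session
  # presumably lives in kcadm's own config file under the user's home rather
  # than in the registered result — confirm against the kcadm docs.
  # The admin password is passed as a CLI argument, so the task is marked
  # no_log to keep it out of play output, callbacks and the registered
  # variable; it is still visible in the host's process table while kcadm runs.
  # Plain HTTP is only acceptable here because the server is loopback-local.
  ansible.builtin.command: >-
    /opt/keycloak/bin/kcadm.sh config credentials
    --server http://localhost:8080
    --realm master
    --user {{ keycloak_admin_user }}
    --password {{ keycloak_admin_password }}
  environment:
    KC_HOME: /opt/keycloak
  register: kcadm_login
  changed_when: false
  no_log: true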
- name: Create OpenCMMC realm
  # NOTE(review): `create realms` is not idempotent — re-running the role
  # against an existing OpenCMMC realm is expected to exit non-zero and fail
  # the play. Guard it with a `get realms/OpenCMMC` check or a failed_when on
  # the conflict message before relying on repeated runs; confirm the exact
  # kcadm output first.
  ansible.builtin.command: >
    /opt/keycloak/bin/kcadm.sh create realms
    -s realm=OpenCMMC -s enabled=true
  environment:
    KC_HOME: /opt/keycloak
  when: kcadm_login is succeeded
- name: Create groups
  # Presumably one group per data-handling tier (CUI, FCI, proprietary).
  # {{ item }} comes from the static list below, so no inventory-supplied
  # value reaches the command line here.
  ansible.builtin.command: >
    /opt/keycloak/bin/kcadm.sh create groups -r OpenCMMC -s name={{ item }}
  environment:
    KC_HOME: /opt/keycloak
  loop:
    - Access_CUI
    - Access_FCI
    - Access_Proprietary
  when: kcadm_login is succeeded
- name: Create OIDC client for Mailcow
  # Confidential (publicClient=false) OpenID Connect client; no client secret
  # is set or retrieved in this task.
  # NOTE(review): the redirect URI still carries the yourdomain.com placeholder
  # and should come from an inventory variable. The trailing wildcard (/*)
  # accepts any path on that host — narrow it to the exact callback path once
  # known, since an over-broad redirect URI is the classic OIDC code-leak vector.
  ansible.builtin.command: >
    /opt/keycloak/bin/kcadm.sh create clients -r OpenCMMC
    -s clientId=mailcow
    -s enabled=true
    -s protocol=openid-connect
    -s publicClient=false
    -s 'redirectUris=["https://mail.yourdomain.com/*"]'
  environment:
    KC_HOME: /opt/keycloak
  when: kcadm_login is succeeded
- name: Create SAML client for Nextcloud
  # SAML client with signed assertions and POST binding forced on.
  # NOTE(review): the redirect URI still carries the yourdomain.com placeholder
  # and should come from an inventory variable; the trailing wildcard (/*)
  # should be narrowed to the actual assertion-consumer path once known.
  # Like the other create calls, this is not idempotent and will fail the play
  # if the client already exists — confirm kcadm's behaviour before re-running.
  ansible.builtin.command: >
    /opt/keycloak/bin/kcadm.sh create clients -r OpenCMMC
    -s clientId=nextcloud
    -s enabled=true
    -s protocol=saml
    -s 'redirectUris=["https://nextcloud.yourdomain.com/*"]'
    -s 'attributes.saml.assertion.signature=true'
    -s 'attributes.saml.force.post.binding=true'
  environment:
    KC_HOME: /opt/keycloak
  when: kcadm_login is succeeded