57 lines
1.7 KiB
YAML
57 lines
1.7 KiB
YAML
---
|
|
# defaults/main.yml for identity role
|
|
|
|
# 🔐 Keycloak Admin Credentials (can be overridden by deployment_config.yml)
|
|
keycloak_admin_user: admin
|
|
keycloak_admin_password: changeme
|
|
|
|
# 📜 Keycloak Realm Configuration
|
|
keycloak_realm: OpenCMMC
|
|
keycloak_realm_display_name: "OpenCMMC Identity Realm"
|
|
|
|
# 👥 Default Groups to Provision
|
|
keycloak_default_groups:
|
|
- Access_CUI
|
|
- Access_FCI
|
|
- Access_Proprietary
|
|
|
|
# 🧪 Default Clients to Register (set empty to skip automatic client registration)
|
|
keycloak_clients:
|
|
- name: nextcloud
|
|
protocol: saml
|
|
root_url: "https://nextcloud.{{ domain_name }}"
|
|
attributes:
|
|
email: "user.email"
|
|
displayname: "user.displayname"
|
|
uid: "user.userprincipalname"
|
|
- name: mailcow
|
|
protocol: openid-connect
|
|
root_url: "https://mail.{{ domain_name }}"
|
|
public_client: true
|
|
|
|
# 🧬 Optional Federation: Entra ID or LDAP
|
|
keycloak_federation_enabled: false
|
|
keycloak_federation_provider: "entra" # Options: entra, ldap
|
|
keycloak_federation_settings:
|
|
entra:
|
|
entity_id: "https://sts.windows.net/{{ entra_tenant_id }}/"
|
|
sso_url: "https://login.microsoftonline.com/{{ entra_tenant_id }}/saml2"
|
|
certificate: "{{ entra_certificate_path }}"
|
|
ldap:
|
|
url: "ldaps://ldap.example.com"
|
|
bind_dn: "cn=admin,dc=example,dc=com"
|
|
bind_credential: "changeme"
|
|
users_dn: "ou=Users,dc=example,dc=com"
|
|
groups_dn: "ou=Groups,dc=example,dc=com"
|
|
|
|
# 🔧 Step-CA Configuration
|
|
stepca_dns_names: "{{ domain_name }}"
|
|
stepca_admin_email: "{{ global_admin_email }}"
|
|
stepca_password: changeme-securely
|
|
|
|
# 🧑🔧 System User
|
|
svc_keycloak: svc_keycloak
|
|
svc_stepca: svc_stepca
|
|
|
|
stepca_enable_generate_root: true
|
|
stepca_root_cn: OpenCMMC Root CA |