.. Document meta :orphan: .. |antsibull-internal-nbsp| unicode:: 0xA0 :trim: .. meta:: :antsibull-docs: 2.24.0 .. Anchors .. _ansible_collections.middleware_automation.keycloak.keycloak_authentication_flow_module: .. Anchors: short name for ansible.builtin .. Title keycloak_authentication_flow -- Allows administration of Keycloak authentication flows via Keycloak API +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .. Collection note .. note:: This module is part of the `middleware_automation.keycloak collection `_. It is not included in ``ansible-core``. To check whether it is installed, run :code:`ansible-galaxy collection list`. To install it, use: :code:`ansible\-galaxy collection install middleware\_automation.keycloak`. To use it in a playbook, specify: :code:`middleware_automation.keycloak.keycloak_authentication_flow`. .. version_added .. contents:: :local: :depth: 1 .. Deprecated Synopsis -------- .. Description - This module allows you to add, remove or modify Keycloak authentication flows via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin\-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles. - This module supports creating new top\-level authentication flows, copying existing flows, and adding execution steps to a flow. .. Aliases .. Requirements .. Options Parameters ---------- .. raw:: html

Parameter

Comments

alias

string / required

Alias (name) of the authentication flow.

auth_client_id

string

OpenID Connect client_id to authenticate to the API with.

Default: "admin-cli"

auth_client_secret

string

Client Secret to use in conjunction with auth_client_id (if required).

auth_keycloak_url

aliases: url

string / required

URL to the Keycloak instance.

auth_password

aliases: password

string

Password to authenticate for API access with.

auth_realm

string

Keycloak realm name to authenticate to for API access.

auth_username

aliases: username

string

Username to authenticate for API access with.

connection_timeout

integer

added in middleware_automation.keycloak 4.5.0

Controls the HTTP connections timeout period (in seconds) to Keycloak API.

Default: 10

copy_from

aliases: copyFrom

string

If set, the new flow is created as a copy of the flow with this alias.

Cannot be used together with executions.

description

string

Description of the authentication flow.

Default: ""

executions

list / elements=dictionary

A list of executions (authenticator steps) to add to the flow.

Each execution is a dict with keys provider_id (or providerId) and requirement.

Executions are only added when the flow is first created.

Default: []

provider_id

aliases: providerId

string / required

The authenticator provider ID (e.g. auth-cookie, auth-password, auth-otp-form).

requirement

string / required

The requirement level for this execution.

Choices:

  • "REQUIRED"

  • "ALTERNATIVE"

  • "DISABLED"

  • "CONDITIONAL"

http_agent

string

added in middleware_automation.keycloak 5.4.0

Configures the HTTP User-Agent header.

Default: "Ansible"

provider_id

aliases: providerId

string

The provider ID for the flow.

Default: "basic-flow"

realm

string

The Keycloak realm under which this authentication flow resides.

Default: "master"

state

string

State of the authentication flow.

On present, the flow will be created if it does not yet exist.

On absent, the flow will be removed if it exists.

Choices:

  • "present" ← (default)

  • "absent"

token

string

added in middleware_automation.keycloak 3.0.0

Authentication token for Keycloak API.

validate_certs

boolean

Verify TLS certificates (do not disable this in production).

Choices:

  • false

  • true ← (default)
.. Attributes Attributes ---------- .. tabularcolumns:: \X{2}{10}\X{3}{10}\X{5}{10} .. list-table:: :width: 100% :widths: auto :header-rows: 1 :class: longtable ansible-option-table * - Attribute - Support - Description * - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_authentication_flow_module__attribute-check_mode: .. rst-class:: ansible-option-title **check_mode** .. raw:: html .. raw:: html
- .. raw:: html
:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full` .. raw:: html
- .. raw:: html
Can run in :literal:`check\_mode` and return changed status prediction without modifying target. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_authentication_flow_module__attribute-diff_mode: .. rst-class:: ansible-option-title **diff_mode** .. raw:: html .. raw:: html
- .. raw:: html
:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full` .. raw:: html
- .. raw:: html
Will return details on what has changed (or possibly needs changing in :literal:`check\_mode`\ ), when in diff mode. .. raw:: html
.. Notes .. Seealso .. Examples Examples -------- .. code-block:: yaml+jinja - name: Create an authentication flow with executions middleware_automation.keycloak.keycloak_authentication_flow: auth_keycloak_url: http://localhost:8080 auth_realm: master auth_username: admin auth_password: password realm: TestRealm alias: my-browser-flow description: "Custom browser flow" provider_id: basic-flow executions: - provider_id: auth-cookie requirement: ALTERNATIVE - provider_id: auth-password requirement: REQUIRED - provider_id: auth-otp-form requirement: ALTERNATIVE state: present delegate_to: localhost - name: Create an authentication flow by copying an existing one middleware_automation.keycloak.keycloak_authentication_flow: auth_keycloak_url: http://localhost:8080 auth_realm: master auth_username: admin auth_password: password realm: TestRealm alias: my-copy-of-browser copy_from: browser state: present delegate_to: localhost - name: Create a flow using token authentication middleware_automation.keycloak.keycloak_authentication_flow: auth_keycloak_url: http://localhost:8080 token: MY_TOKEN realm: TestRealm alias: my-flow state: present delegate_to: localhost - name: Delete an authentication flow middleware_automation.keycloak.keycloak_authentication_flow: auth_keycloak_url: http://localhost:8080 auth_realm: master auth_username: admin auth_password: password realm: TestRealm alias: my-browser-flow state: absent delegate_to: localhost .. Facts .. Return values Return Values ------------- Common return values are documented :ref:`here `, the following are the fields unique to this module: .. raw:: html

Key

Description

end_state

dictionary

Representation of the authentication flow after module execution.

Returned: on success

Sample: {"alias": "my-browser-flow", "builtIn": false, "id": "uuid-here", "providerId": "basic-flow", "topLevel": true}

msg

string

Message as to what action was taken.

Returned: always

Sample: "Authentication flow my-browser-flow has been created"
.. Status (Presently only deprecated) .. Authors Authors ~~~~~~~ - Paulo Menon (@paulomenon) .. Extra links .. Parsing errors