`__. - The Keycloak API does not always enforce for only sensible settings to be used \-\- you can set SAML\-specific settings on an OpenID Connect client for instance and the other way around. Be careful. If you do not specify a setting, usually a sensible default is chosen. .. Aliases .. Requirements .. Options Parameters ---------- .. raw:: html

Parameter	Comments
attributes dictionary	A dict of further attributes for this client template. This can contain various configuration settings, though in the default installation of Keycloak as of 3.4, none are documented or known, so this is usually empty.
auth_client_id string	OpenID Connect client_id to authenticate to the API with. Default: `"admin-cli"`
auth_client_secret string	Client Secret to use in conjunction with auth_client_id (if required).
auth_keycloak_url aliases: url string / required	URL to the Keycloak instance.
auth_password aliases: password string	Password to authenticate for API access with.
auth_realm string	Keycloak realm name to authenticate to for API access.
auth_username aliases: username string	Username to authenticate for API access with.
connection_timeout integer	Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: `10`
description string	Description of the client template in Keycloak.
full_scope_allowed boolean	Is the "Full Scope Allowed" feature set for this client template or not. This is `fullScopeAllowed` in the Keycloak REST API. Choices: `false` `true`
http_agent string	Configures the HTTP User-Agent header. Default: `"Ansible"`
id string	ID of client template to be worked on. This is usually a UUID.
name string	Name of the client template.
protocol string	Type of client template. The `docker-v2` value was added in middleware_automation.keycloak 8.6.0. Choices: `"openid-connect"` `"saml"` `"docker-v2"`
protocol_mappers list / elements=dictionary	A list of dicts defining protocol mappers for this client template. This is `protocolMappers` in the Keycloak REST API.
config dictionary	Dict specifying the configuration options for the protocol mapper; the contents differ depending on the value of `protocol_mappers[].protocolMapper` and are not documented other than by the source of the mappers and its parent class(es). An example is given below. It is easiest to obtain valid config values by dumping an already-existing protocol mapper configuration through check-mode in the `existing` field.
consentRequired boolean	Specifies whether a user needs to provide consent to a client for this mapper to be active. Choices: `false` `true`
consentText string	The human-readable name of the consent the user is presented to accept.
id string	Usually a UUID specifying the internal ID of this protocol mapper instance.
name string	The name of this protocol mapper.
protocol string	This specifies for which protocol this protocol mapper is active. Choices: `"openid-connect"` `"saml"` `"docker-v2"`
protocolMapper string	The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is impossible to provide since this may be extended through SPIs by the user of Keycloak, by default Keycloak as of 3.4 ships with at least: `docker-v2-allow-all-mapper`. `oidc-address-mapper`. `oidc-full-name-mapper`. `oidc-group-membership-mapper`. `oidc-hardcoded-claim-mapper`. `oidc-hardcoded-role-mapper`. `oidc-role-name-mapper`. `oidc-script-based-protocol-mapper`. `oidc-sha256-pairwise-sub-mapper`. `oidc-usermodel-attribute-mapper`. `oidc-usermodel-client-role-mapper`. `oidc-usermodel-property-mapper`. `oidc-usermodel-realm-role-mapper`. `oidc-usersessionmodel-note-mapper`. `saml-group-membership-mapper`. `saml-hardcode-attribute-mapper`. `saml-hardcode-role-mapper`. `saml-role-list-mapper`. `saml-role-name-mapper`. `saml-user-attribute-mapper`. `saml-user-property-mapper`. `saml-user-session-note-mapper`. An exhaustive list of available mappers on your installation can be obtained on the admin console by going to Server Info -> Providers and looking under 'protocol-mapper'.
realm string	Realm this client template is found in. Default: `"master"`
refresh_token string	Authentication refresh token for Keycloak API.
state string	State of the client template. On `present`, the client template is created (or updated if it exists already). On `absent`, the client template is removed if it exists. Choices: `"present"` ← (default) `"absent"`
token string	Authentication token for Keycloak API.
validate_certs boolean	Verify TLS certificates (do not disable this in production). Choices: `false` `true` ← (default)

.. Attributes Attributes ---------- .. tabularcolumns:: \X{2}{10}\X{3}{10}\X{5}{10} .. list-table:: :width: 100% :widths: auto :header-rows: 1 :class: longtable ansible-option-table * - Attribute - Support - Description * - .. raw:: html

.. _ansible_collections.middleware_automation.keycloak.keycloak_clienttemplate_module__attribute-action_group: .. rst-class:: ansible-option-title **action_group** .. raw:: html .. raw:: html

- .. raw:: html

:ansible-attribute-support-property:`Action group:` |antsibull-internal-nbsp|:ansible-attribute-support-full:`middleware\_automation.keycloak.keycloak` :ansible-option-versionadded:`added in middleware\_automation.keycloak 3.0.0` .. raw:: html

- .. raw:: html

Use :literal:`group/middleware\_automation.keycloak.keycloak` in :literal:`module\_defaults` to set defaults for this module. .. raw:: html

* - .. raw:: html

.. _ansible_collections.middleware_automation.keycloak.keycloak_clienttemplate_module__attribute-check_mode: .. rst-class:: ansible-option-title **check_mode** .. raw:: html .. raw:: html

- .. raw:: html

:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full` .. raw:: html

- .. raw:: html

Can run in :literal:`check\_mode` and return changed status prediction without modifying target. .. raw:: html

* - .. raw:: html

.. _ansible_collections.middleware_automation.keycloak.keycloak_clienttemplate_module__attribute-diff_mode: .. rst-class:: ansible-option-title **diff_mode** .. raw:: html .. raw:: html

- .. raw:: html

:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full` .. raw:: html

- .. raw:: html

Will return details on what has changed (or possibly needs changing in :literal:`check\_mode`\ ), when in diff mode. .. raw:: html

.. Notes Notes ----- .. note:: - The Keycloak REST API defines further fields (namely :literal:`bearerOnly`\ , :literal:`consentRequired`\ , :literal:`standardFlowEnabled`\ , :literal:`implicitFlowEnabled`\ , :literal:`directAccessGrantsEnabled`\ , :literal:`serviceAccountsEnabled`\ , :literal:`publicClient`\ , and :literal:`frontchannelLogout`\ ) which, while available with keycloak\_client, do not have any effect on Keycloak client\-templates and are discarded if supplied with an API request changing client\-templates. As such, they are not available through this module. .. Seealso .. Examples Examples -------- .. code-block:: yaml+jinja - name: Create or update Keycloak client template (minimal), authentication with credentials middleware_automation.keycloak.keycloak_client: auth_client_id: admin-cli auth_keycloak_url: https://auth.example.com auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: master name: this_is_a_test delegate_to: localhost - name: Create or update Keycloak client template (minimal), authentication with token middleware_automation.keycloak.keycloak_clienttemplate: auth_client_id: admin-cli auth_keycloak_url: https://auth.example.com auth_realm: master token: TOKEN realm: master name: this_is_a_test delegate_to: localhost - name: Delete Keycloak client template middleware_automation.keycloak.keycloak_client: auth_client_id: admin-cli auth_keycloak_url: https://auth.example.com auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: master state: absent name: test01 delegate_to: localhost - name: Create or update Keycloak client template (with a protocol mapper) middleware_automation.keycloak.keycloak_client: auth_client_id: admin-cli auth_keycloak_url: https://auth.example.com auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: master name: this_is_a_test protocol_mappers: - config: access.token.claim: true claim.name: "family_name" id.token.claim: true jsonType.label: String user.attribute: lastName userinfo.token.claim: true consentRequired: true consentText: "${familyName}" name: family name protocol: openid-connect protocolMapper: oidc-usermodel-property-mapper full_scope_allowed: false id: bce6f5e9-d7d3-4955-817e-c5b7f8d65b3f delegate_to: localhost .. Facts .. Return values Return Values ------------- Common return values are documented :ref:`here `, the following are the fields unique to this module: .. raw:: html

Key	Description
end_state dictionary	Representation of client template after module execution (sample is truncated). Returned: on success Sample: `{"description": "test01", "fullScopeAllowed": false, "id": "9c3712ab-decd-481e-954f-76da7b006e5f", "name": "test01", "protocol": "saml"}`
existing dictionary	Representation of existing client template (sample is truncated). Returned: always Sample: `{"description": "test01", "fullScopeAllowed": false, "id": "9c3712ab-decd-481e-954f-76da7b006e5f", "name": "test01", "protocol": "saml"}`
msg string	Message as to what action was taken. Returned: always Sample: `"Client template testclient has been updated"`
proposed dictionary	Representation of proposed client template. Returned: always Sample: `{"name": "test01"}`

.. Status (Presently only deprecated) .. Authors Authors ~~~~~~~ - Eike Frost (@eikef) .. Extra links .. Parsing errors