keycloak_realm – Allows administration of Keycloak realm via Keycloak API
Note
This module is part of the middleware_automation.keycloak collection.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install middleware_automation.keycloak.
To use it in a playbook, specify: middleware_automation.keycloak.keycloak_realm.
New in middleware_automation.keycloak 3.0.0
Synopsis
This module allows the administration of Keycloak realm via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.
The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at https://www.keycloak.org/docs-api/8.0/rest-api/index.html. Aliases are provided so camelCased versions can be used as well.
The Keycloak API does not always sanity-check inputs; for example, you can set SAML-specific settings on an OpenID Connect client and vice versa. Be careful. If you do not specify a setting, a sensible default is usually chosen.
Parameters
Parameter |
Comments |
---|---|
The realm access code lifespan. |
|
The realm access code lifespan login. |
|
The realm access code lifespan user action. |
|
The realm access token lifespan. |
|
The realm access token lifespan for implicit flow. |
|
The realm account theme. |
|
The realm action token generated by admin lifespan. |
|
The realm action token generated by user lifespan. |
|
The realm admin events details enabled. Choices:
|
|
The realm admin events enabled. Choices:
|
|
The realm admin theme. |
|
The realm attributes. |
|
OpenID Connect client_id to authenticate to the API with. Default: |
|
Client Secret to use in conjunction with auth_client_id (if required). |
|
URL to the Keycloak instance. |
|
Password to authenticate for API access with. |
|
Keycloak realm name to authenticate to for API access. |
|
Username to authenticate for API access with. |
|
The realm browser flow. |
|
The realm browser security headers. |
|
The realm brute force protected. Choices:
|
|
The realm client authentication flow. |
|
The realm client scope mappings. |
|
Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: |
|
The realm default default client scopes. |
|
The realm default groups. |
|
The realm default locale. |
|
The realm default optional client scopes. |
|
The realm default roles. |
|
The realm default signature algorithm. |
|
The realm direct grant flow. |
|
The realm display name. |
|
The realm display name HTML. |
|
The realm docker authentication flow. |
|
The realm duplicate emails allowed option. Choices:
|
|
The realm edit username allowed option. Choices:
|
|
The realm email theme. |
|
The realm enabled option. Choices:
|
|
The realm enabled event types. |
|
Enables or disables login events for this realm. Choices:
|
|
The realm events expiration. |
|
The realm events listeners. |
|
The realm failure factor. |
|
Configures the HTTP User-Agent header. Default: |
|
The realm to create. |
|
The realm internationalization enabled option. Choices:
|
|
The realm login theme. |
|
The realm login with email allowed option. Choices:
|
|
The realm max delta time in seconds. |
|
The realm max failure wait in seconds. |
|
The realm minimum quick login wait in seconds. |
|
The realm not before. |
|
The realm offline session idle timeout. |
|
The realm offline session max lifespan. |
|
The realm offline session max lifespan enabled option. Choices:
|
|
The realm otp policy algorithm. |
|
The realm otp policy digits. |
|
The realm otp policy initial counter. |
|
The realm otp policy look ahead window. |
|
The realm otp policy period. |
|
The realm otp policy type. |
|
The realm otp supported applications. |
|
The realm password policy. |
|
The realm permanent lockout. Choices:
|
|
The realm quick login check in milliseconds. |
|
The realm name. |
|
The realm refresh token max reuse. |
|
The realm registration allowed option. Choices:
|
|
The realm registration email as username option. Choices:
|
|
The realm registration flow. |
|
The realm remember me option. Choices:
|
|
The realm reset credentials flow. |
|
The realm reset password allowed option. Choices:
|
|
The realm revoke refresh token option. Choices:
|
|
The realm smtp server. |
|
The realm ssl required option. Choices:
|
|
The realm sso session idle timeout. |
|
The realm sso session idle timeout remember me. |
|
The realm sso session max lifespan. |
|
The realm sso session max lifespan remember me. |
|
State of the realm. Choices:
|
|
The realm supported locales. |
|
Authentication token for Keycloak API. |
|
The realm user managed access allowed option. Choices:
|
|
Verify TLS certificates (do not disable this in production). Choices:
|
|
The realm verify email option. Choices:
|
|
The realm wait increment in seconds. |
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: full |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Create or update Keycloak realm (minimal example)
  middleware_automation.keycloak.keycloak_realm:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    id: realm
    realm: realm
    state: present

- name: Delete a Keycloak realm
  middleware_automation.keycloak.keycloak_realm:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    id: test
    state: absent
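
The following playbook is an added example, not part of the collection's documentation. It sets the security-relevant realm options in one task and, because the Keycloak API does not always sanity-check inputs, asserts on the realm representation the module returns. The realm name `apps`, the numeric values and the `kc_admin_*` variables are assumptions; option names are the snake_cased forms of the Keycloak API fields, and the return key is assumed to be `end_state`.

```yaml
# Added example: realm security baseline applied in one idempotent task.
# The realm name, the numeric values and the kc_admin_* variables are
# placeholders; keep the credentials in Ansible Vault or a secrets manager.
- name: Harden an application realm and verify the result
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Apply realm security baseline
      middleware_automation.keycloak.keycloak_realm:
        auth_keycloak_url: https://auth.example.com/auth
        auth_realm: master
        auth_client_id: admin-cli
        auth_username: "{{ kc_admin_user }}"
        auth_password: "{{ kc_admin_password }}"
        validate_certs: true            # keep TLS verification on
        id: apps
        realm: apps
        enabled: true
        state: present
        ssl_required: all               # refuse plain-HTTP requests to the realm
        registration_allowed: false     # no self-service account creation
        verify_email: true
        brute_force_protected: true
        failure_factor: 5               # failed logins before a wait is imposed
        wait_increment_seconds: 60
        max_failure_wait_seconds: 900
        password_policy: "length(12) and digits(1) and upperCase(1)"
        access_token_lifespan: 300      # seconds
        sso_session_idle_timeout: 1800  # seconds
        revoke_refresh_token: true      # refresh tokens are single use
        refresh_token_max_reuse: 0
        events_enabled: true            # keep login events for detection
        admin_events_enabled: true
        admin_events_details_enabled: true
      register: realm_result

    # The returned representation uses the API's camelCase field names.
    - name: Fail the play if Keycloak did not keep the baseline
      ansible.builtin.assert:
        that:
          - realm_result.end_state.bruteForceProtected | bool
          - realm_result.end_state.sslRequired | lower == 'all'
          - not (realm_result.end_state.registrationAllowed | bool)
          - realm_result.end_state.revokeRefreshToken | bool
        fail_msg: Realm state after the run does not match the requested baseline
```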
Return Values
Common return values are documented here; the following fields are unique to this module:
Key |
Description |
---|---|
Representation of realm after module execution (sample is truncated). Returned: on success Sample: |
|
Representation of existing realm (sample is truncated). Returned: always Sample: |
|
Message as to what action was taken. Returned: always Sample: |
|
Representation of proposed realm. Returned: always Sample: |