Added support to SSO CNR

README.md

@@ -62,6 +62,7 @@ epas_ldap_login_return_uri: '/.'
 epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
 ## Keycloak
 epas_keyclock_enabled: True
+epas_oauth_login: 'true'
 
 ```
 

defaults/main.yml

@@ -64,9 +64,11 @@ epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org'
 epas_ldap_authenticate_user_search_dn: 'o=example,c=org'
 ## Keycloak
 epas_keyclock_enabled: True
+epas_oauth_login: 'true'
 epas_keycloak_config_uri: 'https://sso.cnr.it/auth/realms/CNR/.well-known/openid-configuration'
 #epas_keycloak_client_id: 'client id'
 #epas_keycloak_client_secret: 'use a vault file'
+epas_keycloak_jwt_field: 'email_cnr'
 ## Logs
 epas_log_level: 'INFO'
 epas_log_appenders: 'stderr'

templates/epas-docker-compose.yml.j2

@@ -78,9 +78,12 @@ services:
       - LDAP_AUTHENTICATE_USER_SEARCH_DN={{ epas_ldap_authenticate_user_search_dn }}
 {% endif %}
 {% if epas_keyclock_enabled %}
-      - KEYCLOAK_CONFIG_URI={{ epas_keycloak_config_uri}}
-      - KEYCLOAK_CLIENT_ID={{ epas_keycloak_client_id}}
-      - KEYCLOAK_CLIENT_SECRET={{ epas_keycloak_client_secret}}
+      #### Autenticazione OAuth ####
+      - OAUTH_LOGIN={{ epas_oauth_login }}                       #Opzionale. default: false. Abilita l'autenticazione keycloak.
+      - KEYCLOAK_CONFIG_URI={{ epas_keycloak_config_uri }}
+      - KEYCLOAK_CLIENT_ID={{ epas_keycloak_client_id }}
+      - KEYCLOAK_CLIENT_SECRET={{ epas_keycloak_client_secret }}
+      - KEYCLOAK_JWT_FIELD={{ epas_keycloak_jwt_field }}         #Opzionale. default: email
 {% endif %}
 {% if epas_flows_enabled %}
       - FLOWS_ACTIVE=true                     # defalut: false --(true,false) -- se impostato a true abilita l'utilizzo dei flussi interni a ePAS