Added proxy introspection provider configs and defaults

README.md

@@ -72,6 +72,11 @@ keycloak_cluster: false
 keycloak_cache_type: ispn
 keycloak_cache_stack: tcp
 keycloak_cache_container_name: keycloak
+
+proxy_introspection_enabled: false
+proxy_introspection_issuer: 'https://proxy.acc.myaccessid.org'
+proxy_introspection_client_id: client-id-unconfigured
+# proxy_introspection_client_secret: 'define it into a vault file'
 ```
 
 Dependencies

defaults/main.yml

@@ -109,3 +109,5 @@ keycloak_jgroups_bind_specific_ip: false
 keycloak_jgroups_bind_ip_address: "{{ ansible_default_ipv4.address }}"
 keycloak_jgroups_extended_stack: false
 keycloak_jgroups_extended_stack_name: "extended-{{ keycloak_cache_stack }}"
+
+proxy_introspection_enabled: false

tasks/keycloak-configuration.yml

@@ -11,3 +11,13 @@
         mode: "0644"
       loop: '{{ keycloak_configuration_files }}'
       notify: Restart Keycloak
+
+    - name: keycloak-configuration | Install the TIP configuration since introspection proxy is enabled
+      ansible.builtin.template:
+        src: 'tip.yaml.j2'
+        dest: '{{ keycloak_conf_directory }}/tip.yaml'
+        owner: root
+        group: root
+        mode: "0644"
+      when: proxy_introspection_enabled
+      notify: Restart Keycloak

templates/keycloak.conf.j2

@@ -87,3 +87,7 @@ log-level={{ keycloak_log_level }}
 {{ keycloak_prop }}
 {% endfor %}
 
+{% if proxy_introspection_enabled %}
+spi-oauth2-token-introspection-access_token-yaml-config-file={{ keycloak_conf_directory }}/tip.yaml
+spi-oauth2-token-introspection-eosc_node_access_token-yaml-config-file={{ keycloak_conf_directory }}/tip.yaml
+{% endif %}