diff --git a/README.md b/README.md
index 46d7353..e801281 100644
--- a/README.md
+++ b/README.md
@@ -72,6 +72,11 @@ keycloak_cluster: false
 keycloak_cache_type: ispn
 keycloak_cache_stack: tcp
 keycloak_cache_container_name: keycloak
+
+proxy_introspection_enabled: false
+proxy_introspection_issuer: 'https://proxy.acc.myaccessid.org'
+proxy_introspection_client_id: client-id-unconfigured
+# proxy_introspection_client_secret: 'define it into a vault file'
 ```
 Dependencies
diff --git a/defaults/main.yml b/defaults/main.yml
index a78dc3f..eed27bf 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -109,3 +109,5 @@ keycloak_jgroups_bind_specific_ip: false
 keycloak_jgroups_bind_ip_address: "{{ ansible_default_ipv4.address }}"
 keycloak_jgroups_extended_stack: false
 keycloak_jgroups_extended_stack_name: "extended-{{ keycloak_cache_stack }}"
+
+proxy_introspection_enabled: false
\ No newline at end of file
diff --git a/tasks/keycloak-configuration.yml b/tasks/keycloak-configuration.yml
index 6c52216..26f96b4 100644
--- a/tasks/keycloak-configuration.yml
+++ b/tasks/keycloak-configuration.yml
@@ -11,3 +11,13 @@
 mode: "0644"
 loop: '{{ keycloak_configuration_files }}'
 notify: Restart Keycloak
+
+ - name: keycloak-configuration | Install the TIP configuration since introspection proxy is enabled
+ ansible.builtin.template:
+ src: 'tip.yaml.j2'
+ dest: '{{ keycloak_conf_directory }}/tip.yaml'
+ owner: root
+ group: root
+ mode: "0644"
+ when: proxy_introspection_enabled
+ notify: Restart Keycloak
diff --git a/templates/keycloak.conf.j2 b/templates/keycloak.conf.j2
index 5bce0bf..76a67c6 100644
--- a/templates/keycloak.conf.j2
+++ b/templates/keycloak.conf.j2
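Review bot: In defaults/main.yml only `proxy_introspection_enabled` gets a default, while the README hunk of the same commit lists `proxy_introspection_issuer` and `proxy_introspection_client_id` next to it as if they were role defaults too. Leaving the issuer, client id and secret without a default is the safer choice, because enabling the feature then cannot silently fall back to a shared endpoint or a placeholder client, but the README should present them as required when the flag is true. I would add a comment above the new line, `# issuer, client_id and client_secret have no default; set them (secret via vault) when this is true`, and end the file with a newline.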
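Review bot: The new task in tasks/keycloak-configuration.yml writes tip.yaml as root:root with `mode: "0644"`, which leaves it readable by every local account on the host. tip.yaml.j2 is not shown here, but the README hunk documents a `proxy_introspection_client_secret` kept in a vault, so the rendered file presumably holds that secret in clear text. I would set `group:` to the group the Keycloak service runs under and use `mode: "0640"`, and add `no_log: true` so the rendered content is not printed when the play runs in diff mode. Nothing removes tip.yaml once `proxy_introspection_enabled` goes back to false, so a companion `ansible.builtin.file` task with `state: absent` under the inverse condition would keep a stale secret off the host.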
@@ -87,3 +87,7 @@ log-level={{ keycloak_log_level }}
 {{ keycloak_prop }}
 {% endfor %}
+{% if proxy_introspection_enabled %}
+spi-oauth2-token-introspection-access_token-yaml-config-file={{ keycloak_conf_directory }}/tip.yaml
+spi-oauth2-token-introspection-eosc_node_access_token-yaml-config-file={{ keycloak_conf_directory }}/tip.yaml
+{% endif %}
\ No newline at end of file
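Review bot: The `{% if proxy_introspection_enabled %}` guard in templates/keycloak.conf.j2 tests raw truthiness, so a string value such as one passed with `-e proxy_introspection_enabled=false` is non-empty and renders both SPI lines. The task's `when: proxy_introspection_enabled` may evaluate the same value differently depending on the Ansible version, in which case keycloak.conf would point both introspection providers at a tip.yaml that was never installed. Use `{% if proxy_introspection_enabled | bool %}` here and `when: proxy_introspection_enabled | bool` in the task so the two decisions always agree. The file also now ends without a trailing newline.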