diff --git a/README.md b/README.md
index e6c9010..fab3377 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,7 @@ epas_ldap_login_return_uri: '/.'
 epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
 ## Keycloak
 epas_keyclock_enabled: True
+epas_oauth_login: 'true'
 ```
diff --git a/defaults/main.yml b/defaults/main.yml
index 84570da..75c89f5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -64,9 +64,11 @@ epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org'
 epas_ldap_authenticate_user_search_dn: 'o=example,c=org'
 ## Keycloak
 epas_keyclock_enabled: True
+epas_oauth_login: 'true'
 epas_keycloak_config_uri: 'https://sso.cnr.it/auth/realms/CNR/.well-known/openid-configuration'
 #epas_keycloak_client_id: 'client id'
 #epas_keycloak_client_secret: 'use a vault file'
+epas_keycloak_jwt_field: 'email_cnr'
 ## Logs
 epas_log_level: 'INFO'
 epas_log_appenders: 'stderr'
diff --git a/templates/epas-docker-compose.yml.j2 b/templates/epas-docker-compose.yml.j2
index 9145277..329bf31 100644
--- a/templates/epas-docker-compose.yml.j2
+++ b/templates/epas-docker-compose.yml.j2
@@ -78,9 +78,12 @@ services:
 - LDAP_AUTHENTICATE_USER_SEARCH_DN={{ epas_ldap_authenticate_user_search_dn }}
 {% endif %}
 {% if epas_keyclock_enabled %}
- - KEYCLOAK_CONFIG_URI={{ epas_keycloak_config_uri}}
- - KEYCLOAK_CLIENT_ID={{ epas_keycloak_client_id}}
- - KEYCLOAK_CLIENT_SECRET={{ epas_keycloak_client_secret}}
+ #### Autenticazione OAuth ####
+ - OAUTH_LOGIN={{ epas_oauth_login }} #Opzionale. default: false. Abilita l'autenticazione keycloak.
+ - KEYCLOAK_CONFIG_URI={{ epas_keycloak_config_uri }}
+ - KEYCLOAK_CLIENT_ID={{ epas_keycloak_client_id }}
+ - KEYCLOAK_CLIENT_SECRET={{ epas_keycloak_client_secret }}
+ - KEYCLOAK_JWT_FIELD={{ epas_keycloak_jwt_field }} #Opzionale. default: email
 {% endif %}
 {% if epas_flows_enabled %}
 - FLOWS_ACTIVE=true # defalut: false --(true,false) -- se impostato a true abilita l'utilizzo dei flussi interni a ePAS
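Review bot: In defaults/main.yml the new `epas_keycloak_jwt_field: 'email_cnr'` carries no comment, although it presumably selects the JWT claim that ePAS matches against a local account, which makes it an identity-mapping setting. The default is tied to the CNR realm in `epas_keycloak_config_uri` and differs from the application default `email` noted in the template, so a deployment against another realm has to override it. I would add above it `# JWT claim used to map the token to an ePAS user; must be issued by the IdP, unique per user and not user-editable (application default: email)`. Separately, `epas_oauth_login: 'true'` is a quoted string next to the boolean `epas_keyclock_enabled: True`; that suits the env-var substitution, but a later `{% if epas_oauth_login %}` would treat `'false'` as truthy, so a one-line comment saying it is a string on purpose would help.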
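Review bot: In templates/epas-docker-compose.yml.j2 the rewritten `KEYCLOAK_*` entries are still unquoted plain scalars, so a client secret containing ` #` is silently truncated at the comment marker and one containing `: ` turns the list item into a mapping. Quoting each entry avoids both, e.g. `- "KEYCLOAK_CLIENT_SECRET={{ epas_keycloak_client_secret }}"`, with the inline comments left outside the quotes. The secret is also written in clear text into the rendered compose file; the task that renders this template is outside the diff, so it is worth checking that it sets a restrictive `mode` such as `'0600'`. The comment on `OAUTH_LOGIN` says "default: false", which seems to describe the application default while the role default added in defaults/main.yml is `'true'`; the comment should say which one it means. The `environment` list these entries belong to starts outside the hunk.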