From 40dd6d2ca45daa8d7ce1870557adf64041bc7dd9 Mon Sep 17 00:00:00 2001
From: Giancarlo Panichi
Date: Thu, 23 Nov 2023 14:19:07 +0100
Subject: [PATCH] Added Keycloak for support Attestati

---
 README.md | 4 +++-
 defaults/main.yml | 6 ++++++
 templates/epas-docker-compose.yml.j2 | 5 +++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f6318a3..e6c9010 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,6 @@ psql_db_data: '{{ epas_psql_pg_data }}'
 epas_server_hostname: 'epas.example.com'
 # Teleworker
 epas_teleworker_server_active: 'true'
-epas_teleworker_server_baseurl: 'http://epasteleworker.isti.cnr.it:8080'
 epas_teleworker_server_user: 'app.epas'
 #epas_teleworker_server_password: 'set in a vault file'
 ## SMTP
@@ -61,6 +60,9 @@ epas_ldap_timeout: 1000
 epas_ldap_base_dn: 'ou=People,dc=example,dc=org'
 epas_ldap_login_return_uri: '/.'
 epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
+## Keycloak
+epas_keyclock_enabled: True
+
 ```
 
 Dependencies
diff --git a/defaults/main.yml b/defaults/main.yml
index 3c7a46b..84570da 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -62,5 +62,11 @@ epas_ldap_authenticated_bind: False
 epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org'
 #epas_ldap_bind_credentials: 'use a vault file'
 epas_ldap_authenticate_user_search_dn: 'o=example,c=org'
+## Keycloak
+epas_keyclock_enabled: True
+epas_keycloak_config_uri: 'https://sso.cnr.it/auth/realms/CNR/.well-known/openid-configuration'
+#epas_keycloak_client_id: 'client id'
+#epas_keycloak_client_secret: 'use a vault file'
+## Logs
 epas_log_level: 'INFO'
 epas_log_appenders: 'stderr'
diff --git a/templates/epas-docker-compose.yml.j2 b/templates/epas-docker-compose.yml.j2
index 7c2e7d9..f3a435a 100644
--- a/templates/epas-docker-compose.yml.j2
+++ b/templates/epas-docker-compose.yml.j2
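Review bot: The toggle added in defaults/main.yml is spelled `epas_keyclock_enabled` while every other new variable uses the `epas_keycloak_` prefix; the same spelling is repeated in the README.md hunk and in the `{% if epas_keyclock_enabled %}` guard of templates/epas-docker-compose.yml.j2, so an operator who sets the naturally spelled `epas_keycloak_enabled` would leave the default in force without any error. Renaming it to `epas_keycloak_enabled` in all three places avoids that. The default is also `True` while `epas_keycloak_client_id` and `epas_keycloak_client_secret` are only present as commented-out examples, so a play that does not define them will probably fail at template rendering on an undefined variable, or render empty credentials if undefined variables are tolerated. A default of `epas_keycloak_enabled: False`, in the style of `epas_ldap_authenticated_bind: False`, would keep existing deployments unchanged until the client credentials are supplied from a vault file.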
@@ -77,6 +77,11 @@ services:
 - LDAP_BIND_CREDENTIALS={{ epas_ldap_bind_credentials }}
 - LDAP_AUTHENTICATE_USER_SEARCH_DN={{ epas_ldap_authenticate_user_search_dn }}
 {% endif %}
+{% if epas_keyclock_enabled %}
+ - KEYCLOAK_CONFIG_URI={{ epas_keycloak_config_uri}}
+ - KEYCLOAK_CLIENT_ID={{ epas_keycloak_client_id}}
+ - KEYCLOAK_CLIENT_SECRET={{ epas_keycloak_client_secret}}
+{% endif %}
 {% if epas_flows_enabled %}
 - FLOWS_ACTIVE=true # defalut: false --(true,false) -- se impostato a true abilita l'utilizzo dei flussi interni a ePAS
 - URL_ATTESTATI={{ epas_attestati_url }} # default: https://attestativ2.rm.cnr.it
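Review bot: `KEYCLOAK_CLIENT_SECRET={{ epas_keycloak_client_secret}}` puts the OIDC client secret in clear text into the rendered compose file and into the container environment, so anyone who can read that file or inspect the container can recover it. The task that renders this template is outside the hunk; it should write the file with a restrictive mode such as `mode: '0600'` and set `no_log: true` so the secret does not show up in diff or verbose output. The new block would also benefit from a template comment stating the requirement, for example `{# Keycloak OIDC client: epas_keycloak_client_id and epas_keycloak_client_secret must be defined, the secret in a vault file #}`. As a style point, `{{ epas_keycloak_client_secret }}` with a space before the closing braces would match the LDAP lines above. The `services:` mapping begins and ends outside the hunk.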