Added Keycloak for support Attestati

README.md

@@ -42,7 +42,6 @@ psql_db_data: '{{ epas_psql_pg_data }}'
 epas_server_hostname: 'epas.example.com'
 # Teleworker
 epas_teleworker_server_active: 'true'
-epas_teleworker_server_baseurl: 'http://epasteleworker.isti.cnr.it:8080'
 epas_teleworker_server_user: 'app.epas'
 #epas_teleworker_server_password: 'set in a vault file'
 ## SMTP
@@ -61,6 +60,9 @@ epas_ldap_timeout: 1000
 epas_ldap_base_dn: 'ou=People,dc=example,dc=org'
 epas_ldap_login_return_uri: '/.'
 epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
+## Keycloak
+epas_keyclock_enabled: True
+
 ```
 
 Dependencies

defaults/main.yml

@@ -62,5 +62,11 @@ epas_ldap_authenticated_bind: False
 epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org'
 #epas_ldap_bind_credentials: 'use a vault file'
 epas_ldap_authenticate_user_search_dn: 'o=example,c=org'
+## Keycloak
+epas_keyclock_enabled: True
+epas_keycloak_config_uri: 'https://sso.cnr.it/auth/realms/CNR/.well-known/openid-configuration'
+#epas_keycloak_client_id: 'client id'
+#epas_keycloak_client_secret: 'use a vault file'
+## Logs
 epas_log_level: 'INFO'
 epas_log_appenders: 'stderr'

templates/epas-docker-compose.yml.j2

@@ -77,6 +77,11 @@ services:
       - LDAP_BIND_CREDENTIALS={{ epas_ldap_bind_credentials }}
       - LDAP_AUTHENTICATE_USER_SEARCH_DN={{ epas_ldap_authenticate_user_search_dn }}
 {% endif %}
+{% if epas_keyclock_enabled %}
+	  - KEYCLOAK_CONFIG_URI={{ epas_keycloak_config_uri}}
+	  - KEYCLOAK_CLIENT_ID={{ epas_keycloak_client_id}}
+	  - KEYCLOAK_CLIENT_SECRET={{ epas_keycloak_client_secret}}
+{% endif %}
 {% if epas_flows_enabled %}
       - FLOWS_ACTIVE=true                     # defalut: false --(true,false) -- se impostato a true abilita l'utilizzo dei flussi interni a ePAS
       - URL_ATTESTATI={{ epas_attestati_url }}                        # default: https://attestativ2.rm.cnr.it