Digitalboard/reference-ansible
5
1
Fork 0
Code Pull requests Activity Actions

feat: add oidc provisioning for opencloud

Browse source 
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
This commit is contained in:
Bert-Jan Fikse 2026-03-05 15:36:12 +01:00
parent 15a2d321b0
commit ad1f8a1999
Signed by: bert-jan
GPG key ID: C1E0AB516AC16D1A
2 changed files with 26 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
inventories/vagrant/host_vars/backend/keycloak.yml
View file

@ -52,6 +52,17 @@ keycloak_oidc_clients:
- openid - openid
- email - email
- profile - profile
- client_id: opencloud
name: "OpenCloud"
client_secret: "opencloud-secret-change-in-production"
redirect_uris:
- "https://opencloud.local.test/"
- "https://opencloud.local.test/oidc-callback.html"
- "https://opencloud.local.test/oidc-silent-redirect.html"
default_client_scopes:
- openid
- email
- profile
# Identity providers (external login sources) # Identity providers (external login sources)
# Uncomment and configure for production use with real credentials # Uncomment and configure for production use with real credentials

15
inventories/vagrant/host_vars/backend/opencloud.yml Normal file
View file

@ -0,0 +1,15 @@
opencloud_domain: "opencloud.local.test"
opencloud_admin_password: "admin"
opencloud_extra_hosts:
- "opencloud.local.test:host-gateway"
- "keycloak.local.test:host-gateway"
# OIDC configuration (Keycloak)
opencloud_oidc_issuer: "https://keycloak.local.test/realms/vagrant"
opencloud_oidc_client_id: "opencloud"
opencloud_oidc_client_secret: "opencloud-secret-change-in-production"
opencloud_oidc_account_edit_url: "https://keycloak.local.test/realms/vagrant/account"
# Allow OpenCloud to connect to Keycloak for OIDC discovery
opencloud_csp_extra_connect_src:
- "https://keycloak.local.test/"