IBM-Security / isam-ansible-roles

DEPRECATED Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
Apache License 2.0

Role add_oauth_definition: add OIDC support (how to) #62

Closed sygilber closed 6 years ago

sygilber commented 6 years ago

Now that the ibmsecurity module supports OIDC for API Definition (see https://github.com/IBM-Security/ibmsecurity/issues/58 for ref), I am looking to provide the required customizations to the role 'add_oauth_definition' to support the additional 9.0.4 OIDC API Definition parameters, and simply looking for advice.

Should we A) let the playbook developer using the role 'add_oauth_definition' build this unique oidc json object (see below) and pass it as a single parameter to the role, or B) add in the role every required individual parameter and build the oidc json object internally in the role?

   "oidc":{
     "enabled":true,
     "alg":"RS256",
     "db":"rt_profile_keys",
     "cert":"server",
     "poc":"https://www.myWebSEAL.com",
     "lifetime":3600,
     "enc":{
       "enabled":false
     },
     "attributeSources":[
       {
         "attributeName": "exampleAttribute",
         "attributeSourceId": "1"
       }
     ]
   }

Thanks
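
The two options above, side by side, as an added example that is not part of the issue or of the isam-ansible-roles code. The names `validate_oidc` and `build_oidc` are hypothetical, the key types are inferred only from the sample object in the issue (every key in it treated as required), and requiring `https` for `poc` is this example's own choice.

```python
from urllib.parse import urlparse

# Scalar keys and their types, inferred only from the sample object in the issue.
SCALARS = {"enabled": bool, "alg": str, "db": str, "cert": str, "poc": str, "lifetime": int}

def validate_oidc(oidc):
    """Approach A: check a caller-built oidc object; return a list of problems."""
    if not isinstance(oidc, dict):
        return ["oidc: expected a JSON object"]
    errors = []
    for key, typ in SCALARS.items():
        val = oidc.get(key)
        # bool is a subclass of int in Python, so True must not pass as a lifetime
        if not isinstance(val, typ) or (typ is int and isinstance(val, bool)):
            errors.append(f"{key}: expected {typ.__name__}")
    poc, lifetime = oidc.get("poc"), oidc.get("lifetime")
    if isinstance(poc, str) and urlparse(poc).scheme != "https":
        errors.append("poc: expected an https URL")
    if type(lifetime) is int and lifetime <= 0:
        errors.append("lifetime: must be positive")
    enc = oidc.get("enc")
    if not isinstance(enc, dict) or not isinstance(enc.get("enabled"), bool):
        errors.append("enc.enabled: expected bool")
    sources = oidc.get("attributeSources")
    if not isinstance(sources, list):
        errors.append("attributeSources: expected list")
    else:
        for i, src in enumerate(sources):
            keys = ("attributeName", "attributeSourceId")
            if not (isinstance(src, dict) and all(isinstance(src.get(k), str) for k in keys)):
                errors.append(f"attributeSources[{i}]: need string {keys[0]} and {keys[1]}")
    # A misspelled key would otherwise pass through the role unnoticed.
    unknown = sorted(set(oidc) - set(SCALARS) - {"enc", "attributeSources"})
    return errors + [f"{k}: unexpected key" for k in unknown]

def build_oidc(alg, db, cert, poc, lifetime, attribute_sources=(), enabled=True, enc_enabled=False):
    """Approach B: assemble the object from individual parameters, then validate it."""
    oidc = {"enabled": enabled, "alg": alg, "db": db, "cert": cert, "poc": poc,
            "lifetime": lifetime, "enc": {"enabled": enc_enabled},
            "attributeSources": [{"attributeName": n, "attributeSourceId": str(i)}
                                 for n, i in attribute_sources]}
    errors = validate_oidc(oidc)
    if errors:
        raise ValueError("; ".join(errors))
    return oidc

# The object from the issue, as a playbook author would pass it under approach A.
SAMPLE = {"enabled": True, "alg": "RS256", "db": "rt_profile_keys", "cert": "server",
          "poc": "https://www.myWebSEAL.com", "lifetime": 3600, "enc": {"enabled": False},
          "attributeSources": [{"attributeName": "exampleAttribute", "attributeSourceId": "1"}]}
```

With approach A the role has nothing to check unless a validation step like this runs before the object reaches the appliance; with approach B the same check runs on the object the role assembled itself.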

sygilber commented 6 years ago

I am testing approach A) described above where the playbook passes a full JSON object as a single parameter to the ansible role. So far it is working well. Will share code (pull request) eventually in the coming days.

sygilber commented 6 years ago

Closing issue which is now resolved by pull request https://github.com/IBM-Security/isam-ansible-roles/pull/63.

Thanks