ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

[PR #8973/464812a2 backport][stable-9] keycloak_client add option to support client-x509 authentication #9005

Closed patchback[bot] closed 1 month ago

patchback[bot] commented 1 month ago

This is a backport of PR #8973 as merged into main (464812a2c28dcae652f24345cf9d337c65d5f69c).

SUMMARY

keycloak_client is missing support for x509 client authentication,
this PR updates client_authenticator_type with the choice client-x509

ISSUE TYPE

Feature Pull Request

COMPONENT NAME

modules/keycloak_client

ADDITIONAL INFORMATION

Below are the steps to test the result with this PR applied.

cat ~/keycloak/certs/start.sh
export KEYCLOAK_ADMIN=admin
export KEYCLOAK_ADMIN_PASSWORD=admin

cd /opt/keycloak
bin/kc.sh start-dev --https-certificate-key-file=/certs/certificate.key --https-certificate-file=/certs/certificate.crt --https-trust-store-file=/certs/truststore.jks --https-trust-store-password=password --https-client-auth=request --log-level=trace

Start Keycloak

docker run --rm -it -p 8080:8080 -p 8443:8443 -v ~/keycloak/certs:/certs --entrypoint=/bin/bash keycloak/keycloak:25.0 bash /certs/start.sh

Apply config

ansible-playbook ....

Verify

$ curl --cacert ~/keycloak/certs/ca.crt --cert ~/keycloak/certs/certificate.crt --key ~/keycloak/certs/certificate.key https://127.0.0.1:8443/realms/test/protocol/openid-connect/token --data "client_id=test&username=testuser&password=testuser&grant_type=password" -k -v
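An added example (not from the PR or the collection's own documentation) of exercising the new option from a playbook: it creates the client with client_authenticator_type: client-x509 and then checks that the token endpoint accepts the password grant only when the client certificate is presented. The realm, client, user, credentials and certificate paths mirror the test setup above; the x509.subjectdn attribute value, the controller trusting ca.crt in its system store, and the rejection status codes are assumptions.

```yaml
# Added example, not part of the PR: configure a client-x509 client, then
# check the token endpoint with and without the client certificate.
- name: Configure and verify a client-x509 Keycloak client
  hosts: localhost
  gather_facts: false
  vars:
    kc_url: https://127.0.0.1:8443
    certs: "{{ lookup('env', 'HOME') }}/keycloak/certs"
    token_form:                     # same grant as the curl check above
      client_id: test
      username: testuser
      password: testuser
      grant_type: password
  tasks:
    - name: Create the client with certificate-based client authentication
      community.general.keycloak_client:
        auth_keycloak_url: "{{ kc_url }}"
        auth_realm: master
        auth_username: admin
        auth_password: admin          # dev credentials from start.sh above
        validate_certs: true          # assumes ca.crt is in the system trust store
        realm: test
        client_id: test
        client_authenticator_type: client-x509
        public_client: false
        direct_access_grants_enabled: true
        attributes:
          # Assumed value: subject DN the presented certificate must match.
          x509.subjectdn: "CN=test-client"
        state: present

    - name: Token request with the client certificate succeeds
      ansible.builtin.uri:
        url: "{{ kc_url }}/realms/test/protocol/openid-connect/token"
        method: POST
        body_format: form-urlencoded
        body: "{{ token_form }}"
        client_cert: "{{ certs }}/certificate.crt"
        client_key: "{{ certs }}/certificate.key"
        ca_path: "{{ certs }}/ca.crt"
        status_code: 200

    - name: Token request without the client certificate is rejected
      ansible.builtin.uri:
        url: "{{ kc_url }}/realms/test/protocol/openid-connect/token"
        method: POST
        body_format: form-urlencoded
        body: "{{ token_form }}"
        ca_path: "{{ certs }}/ca.crt"
        status_code: [400, 401]       # assumed: client-auth failure codes
```

The second uri task is the check the curl command above does not make: a correctly configured client-x509 client must refuse the grant when no certificate is offered, and the play fails if it does not.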

ansibullbot commented 1 month ago

cc @eikef @mattock @ndclt @thomasbach-dev