SSSD Federation does not run setup script

[aph3rson]

SUMMARY

When defining an SSSD federation type, two prerequisites need to be met for SSSD to work in Keycloak:

• PAM needs to have a keycloak service defined, that routes to pam_sss, and
• SSSD's InfoPipe interface needs to permit communication from Keycloak's OS user.

The bin/federation-sssd-setup.sh script included with Keycloak will do this mostly - however, it assumes Keycloak runs as root, rather than the specified user in the module.

This should be ran (or a derivative of it) when setting up an SSSD federation type.

ISSUE TYPE

• Bug Report

ANSIBLE VERSION

COLLECTION VERSION

ansible [core 2.16.3]
  config file = None
  configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ubuntu/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/ubuntu/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ubuntu/.local/bin/ansible
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True

[guidograzioli]

https://github.com/keycloak/keycloak/pull/28887