mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[keycloak_user_federation]: Adding option krbPrincipalAttribute (#7538)
* keycloak_user_federation: Adding support for krbPrincipalAttribute Signed-off-by: boolman <boolman@gmail.com> * pr/7538 adding changelogs/fragment file Signed-off-by: boolman <boolman@gmail.com> * Update changelogs/fragments/7538-add-krbprincipalattribute-option.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_user_federation.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_user_federation.py Co-authored-by: Felix Fontein <felix@fontein.de> --------- Signed-off-by: boolman <boolman@gmail.com> Co-authored-by: Felix Fontein <felix@fontein.de>
parent
12395732e8
commit
938aec492e
3 changed files with 17 additions and 0 deletions
|
@ -0,0 +1,2 @@
|
|||
minor_changes:
|
||||
- keycloak_user_federation - add option for ``krbPrincipalAttribute`` (https://github.com/ansible-collections/community.general/pull/7538).
|
|
@ -342,6 +342,16 @@ options:
|
|||
- Name of kerberos realm.
|
||||
type: str
|
||||
|
||||
krbPrincipalAttribute:
|
||||
description:
|
||||
- Name of the LDAP attribute, which refers to Kerberos principal.
|
||||
This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak.
|
||||
When this is empty, the LDAP user will be looked based on LDAP username corresponding
|
||||
to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG),
|
||||
it will assume that LDAP username is V(john).
|
||||
type: str
|
||||
version_added: 8.1.0
|
||||
|
||||
serverPrincipal:
|
||||
description:
|
||||
- Full name of server principal for HTTP service including server and domain name. For
|
||||
|
@ -764,6 +774,7 @@ def main():
|
|||
readTimeout=dict(type='int'),
|
||||
searchScope=dict(type='str', choices=['1', '2'], default='1'),
|
||||
serverPrincipal=dict(type='str'),
|
||||
krbPrincipalAttribute=dict(type='str'),
|
||||
startTls=dict(type='bool', default=False),
|
||||
syncRegistrations=dict(type='bool', default=False),
|
||||
trustEmail=dict(type='bool', default=False),
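Review bot: The new `krbPrincipalAttribute` description (options hunk at `@ -342`) does not say what the chosen LDAP attribute must guarantee, although by its own text it selects the LDAP user that a successful Kerberos/SPNEGO login is mapped to. I would add a line such as `The attribute should hold a unique value per user and should not be writable by the users themselves.` The description could also note that the empty-value fallback drops the realm part, so if more than one realm can authenticate, `john@KEYCLOAK.ORG` and a `john` from another realm would resolve to the same LDAP username. On wording, "will be looked based on" should read "will be looked up based on", and the principal example uses `C(...)` where the next line uses `V(...)`. In the argument-spec hunk (`@ -764`) the new key follows `serverPrincipal`, which breaks what looks like alphabetical ordering; the options block and `main()` both continue outside the hunks.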
|
||||
|
|
|
@ -326,6 +326,7 @@ class TestKeycloakUserFederation(ModuleTestCase):
|
|||
'connectionPooling': True,
|
||||
'pagination': True,
|
||||
'allowKerberosAuthentication': False,
|
||||
'krbPrincipalAttribute': 'krbPrincipalName',
|
||||
'debug': False,
|
||||
'useKerberosForPasswordAuthentication': False,
|
||||
},
|
||||
|
@ -374,6 +375,9 @@ class TestKeycloakUserFederation(ModuleTestCase):
|
|||
"enabled": [
|
||||
"true"
|
||||
],
|
||||
"krbPrincipalAttribute": [
|
||||
"krb5PrincipalName"
|
||||
],
|
||||
"usernameLDAPAttribute": [
|
||||
"uid"
|
||||
],
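Review bot: The two hunks use different attribute values: the module arguments set `'krbPrincipalAttribute': 'krbPrincipalName'` (`@ -326`), while the dictionary in the second hunk (`@ -374`) carries `"krb5PrincipalName"`. If the second dictionary is the mocked or expected Keycloak representation, which the hunk does not show, the test does not demonstrate that the supplied value reaches the API payload. Using one value in both places, for example `'krbPrincipalAttribute': 'krb5PrincipalName',` in the first hunk, would make the intent checkable. Both dictionaries start and end outside the hunks, so it cannot be seen here whether an assertion compares them.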
|
||||
|
|