mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

[keycloak_user_federation]: Adding option krbPrincipalAttribute (#7538)

* keycloak_user_federation: Adding support for krbPrincipalAttribute

Signed-off-by: boolman <boolman@gmail.com>

* pr/7538 adding changelogs/fragment file

Signed-off-by: boolman <boolman@gmail.com>

* Update changelogs/fragments/7538-add-krbprincipalattribute-option.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user_federation.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user_federation.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Signed-off-by: boolman <boolman@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Boolman 2023-11-26 17:20:05 +01:00 committed by GitHub
parent 12395732e8
commit 938aec492e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 0 deletions


@ -0,0 +1,2 @@
minor_changes:
- keycloak_user_federation - add option for ``krbPrincipalAttribute`` (https://github.com/ansible-collections/community.general/pull/7538).


@ -342,6 +342,16 @@ options:
- Name of kerberos realm. - Name of kerberos realm.
type: str type: str
krbPrincipalAttribute:
description:
- Name of the LDAP attribute, which refers to Kerberos principal.
This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak.
When this is empty, the LDAP user will be looked based on LDAP username corresponding
to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG),
it will assume that LDAP username is V(john).
type: str
version_added: 8.1.0
serverPrincipal: serverPrincipal:
description: description:
- Full name of server principal for HTTP service including server and domain name. For - Full name of server principal for HTTP service including server and domain name. For
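Review bot: The new krbPrincipalAttribute description has wording and markup problems. "the LDAP user will be looked based on LDAP username" is missing "up", and the example marks the principal as C(john@KEYCLOAK.ORG) but the username as V(john). Suggest "the LDAP user will be looked up based on the LDAP username corresponding to the first part of their Kerberos principal", with V(...) used for both example values. The comma in "Name of the LDAP attribute, which refers to Kerberos principal" can also go: "Name of the LDAP attribute that refers to the Kerberos principal".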
@ -764,6 +774,7 @@ def main():
readTimeout=dict(type='int'), readTimeout=dict(type='int'),
searchScope=dict(type='str', choices=['1', '2'], default='1'), searchScope=dict(type='str', choices=['1', '2'], default='1'),
serverPrincipal=dict(type='str'), serverPrincipal=dict(type='str'),
krbPrincipalAttribute=dict(type='str'),
startTls=dict(type='bool', default=False), startTls=dict(type='bool', default=False),
syncRegistrations=dict(type='bool', default=False), syncRegistrations=dict(type='bool', default=False),
trustEmail=dict(type='bool', default=False), trustEmail=dict(type='bool', default=False),
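Review bot: krbPrincipalAttribute is inserted after serverPrincipal, which breaks the alphabetical order the neighbouring entries follow (readTimeout, searchScope, serverPrincipal, startTls, syncRegistrations, trustEmail). The documentation hunk places the option before serverPrincipal, so the two orderings also disagree with each other. Suggest moving the entry to its alphabetical position in the argument spec.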


@ -326,6 +326,7 @@ class TestKeycloakUserFederation(ModuleTestCase):
'connectionPooling': True, 'connectionPooling': True,
'pagination': True, 'pagination': True,
'allowKerberosAuthentication': False, 'allowKerberosAuthentication': False,
'krbPrincipalAttribute': 'krbPrincipalName',
'debug': False, 'debug': False,
'useKerberosForPasswordAuthentication': False, 'useKerberosForPasswordAuthentication': False,
}, },
@ -374,6 +375,9 @@ class TestKeycloakUserFederation(ModuleTestCase):
"enabled": [ "enabled": [
"true" "true"
], ],
"krbPrincipalAttribute": [
"krb5PrincipalName"
],
"usernameLDAPAttribute": [ "usernameLDAPAttribute": [
"uid" "uid"
], ],
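Review bot: The mocked value added here is "krb5PrincipalName", while the module arguments added earlier in this test file pass 'krbPrincipalAttribute': 'krbPrincipalName'. If both are meant to describe the same federation configuration, use the same attribute name in both places, or add a comment saying why they differ. As written, a reader cannot tell whether the mismatch is deliberate, and it is unclear that the test would catch the option being dropped or altered on the way to Keycloak.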