fix: group matching in oauthproxy with keycloak

2023-06-07 08:01:04 +00:00
parent 8e2daf02be
commit 2bae3bd42e
2 changed files with 25 additions and 2 deletions


@@ -19,15 +19,16 @@ services:
ports:
- {{ services[item].port }}:{{ services[item].port }}
environment:
OAUTH2_PROXY_SCOPE: openid email profile
OAUTH2_PROXY_UPSTREAMS: http://{{ ansible_default_ipv4.address }}:{{ services[item].port + 1000 }}/
OAUTH2_PROXY_EMAIL_DOMAINS: '*'
OAUTH2_PROXY_PROVIDER: oidc
OAUTH2_PROXY_PROVIDER: keycloak-oidc
OAUTH2_PROXY_PROVIDER_DISPLAY_NAME: "AtlantisHQ Accounts"
OAUTH2_PROXY_REDIRECT_URL: "{{ keycloak_clients[item].master_address }}/oauth2/callback"
OAUTH2_PROXY_OIDC_ISSUER_URL: "https://{{ keycloak_address }}/realms/master"
OAUTH2_PROXY_CLIENT_ID: "{{ keycloak_clients[item].client_id }}"
OAUTH2_PROXY_CLIENT_SECRET: "{{ keycloak_clients[item].client_secret }}"
OAUTH2_PROXY_ALLOWED_ROLES: "{{ keycloak_clients[item].groups }}"
OAUTH2_PROXY_ALLOWED_GROUPS: {{ keycloak_clients[item].groups }}
OAUTH2_PROXY_OIDC_EMAIL_CLAIM: sub