fix(helmfile): Support for Keycloak session settings via functional.authentication.realmSettings.*

helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl

@@ -98,6 +98,18 @@ config:
     intraCluster:
       enabled: true
       internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
+  realmSettings:
+    accessTokenLifespan: {{ .Values.functional.authentication.realmSettings.accessTokenLifespan }}
+    revokeRefreshToken: {{ .Values.functional.authentication.realmSettings.revokeRefreshToken }}
+    ssoSessionIdleTimeout: {{ .Values.functional.authentication.realmSettings.ssoSessionIdleTimeout }}
+    ssoSessionMaxLifespan: {{ .Values.functional.authentication.realmSettings.ssoSessionMaxLifespan }}
+    offlineSessionIdleTimeout: {{ .Values.functional.authentication.realmSettings.offlineSessionIdleTimeout }}
+    offlineSessionMaxLifespanEnabled: {{ .Values.functional.authentication.realmSettings.offlineSessionMaxLifespanEnabled }}
+    offlineSessionMaxLifespan: {{ .Values.functional.authentication.realmSettings.offlineSessionMaxLifespan }}
+    clientSessionIdleTimeout: {{ .Values.functional.authentication.realmSettings.clientSessionIdleTimeout }}
+    clientSessionMaxLifespan: {{ .Values.functional.authentication.realmSettings.clientSessionMaxLifespan }}
+    clientOfflineSessionIdleTimeout: {{ .Values.functional.authentication.realmSettings.clientOfflineSessionIdleTimeout }}
+    clientOfflineSessionMaxLifespan: {{ .Values.functional.authentication.realmSettings.clientOfflineSessionMaxLifespan }}
   twoFactorSettings:
     additionalGroups: {{ .Values.functional.authentication.twoFactor.groups }}
   precreateGroups: [ 'Domain Admins', 'Domain Users', '2fa-users', 'IAM API - Full Access',

helmfile/environments/default/charts.yaml.gotmpl

@@ -333,7 +333,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap"
     name: "opendesk-keycloak-bootstrap"
-    version: "2.4.0"
+    version: "2.5.0"
     verify: true
   opendeskStaticFiles:
     # providerCategory: "Platform"

helmfile/environments/default/functional.yaml.gotmpl

@@ -20,10 +20,26 @@ functional:
       groups:
         - "Domain Admins"
     oidc:
-      # Define additional/custom OIDC clients to be created in the 'opendesk' realm of Keycloak.
+      # Define additional/custom OIDC clients to be created in the 'opendesk' realm within Keycloak.
       clients: ~
-      # Define additional/custom OIDC client scopes to be created in the 'opendesk' realm of Keycloak.
+      # Define additional/custom OIDC client scopes to be created in the 'opendesk' realm within Keycloak.
       clientScopes: ~
+    # Configure global settings of the 'opendesk' realm within Keycloak. The values are directly
+    # passed into the `realmSettings` section of the `opendesk-keycloak-bootstrap` chart.
+    # Ref.: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap
+    # Note: Global settings can potentially be overridden on a client level.
+    realmSettings:
+      accessTokenLifespan: 300
+      revokeRefreshToken: false
+      ssoSessionIdleTimeout: 14400
+      ssoSessionMaxLifespan: 57600
+      offlineSessionIdleTimeout: 2592000
+      offlineSessionMaxLifespanEnabled: false
+      offlineSessionMaxLifespan: 5184000
+      clientSessionIdleTimeout: 0
+      clientSessionMaxLifespan: 0
+      clientOfflineSessionIdleTimeout: 0
+      clientOfflineSessionMaxLifespan: 0
 
   externalServices:
     nubus: