fix redirect url + certificate parsing

4 years ago · bdd353cd53
1 changed files with 22 additions and 12 deletions
--- a/import.yaml
+++ b/import.yaml
@ -3,6 +3,12 @@
  gather_facts: no
  vars:
    metadata: "{{ lookup('file', 'metadata.xml') }}"
    keycloak_url: https://lb.itix.lab/auth
    keycloak_password: secret
    keycloak_admin: admin
    keycloak_target_realm: Amft
    keycloak_validate_certs: no
    client_id: CFT01
  tasks:
  - name: extract NameIDFormat
    xml:
@ -59,26 +65,30 @@
  - debug:
      var: certificate
  - shell: echo '{{ certificate }}' | base64 -d | openssl x509 -inform der
    register: openssl
  - set_fact:
-      x509_certificate: '{{ openssl.stdout }}'
+      x509_certificate: |
        -----BEGIN CERTIFICATE-----
        {{ base64 }}
        -----END CERTIFICATE-----
    vars:
      base64: "{{ certificate | regex_findall('.{1,64}') | join('\n') }}"
  - debug:
      var: x509_certificate
  - name: Create Keycloak Client
    community.general.keycloak_client:
-      auth_keycloak_url: https://lb.itix.lab/auth
+      auth_keycloak_url: '{{ keycloak_url }}'
-      auth_password: secret
+      auth_password: '{{ keycloak_password }}'
      auth_realm: master
-      auth_username: admin
+      auth_username: '{{ keycloak_admin }}'
-      validate_certs: no
+      validate_certs: '{{ keycloak_validate_certs | default("yes") | bool }}'
      protocol: saml
-      realm: Amft
+      realm: '{{ keycloak_target_realm }}'
-      client_id: '{{ cft_client }}'
+      client_id: '{{ client_id }}'
      attributes:
        saml.signing.certificate: '{{ x509_certificate }}'
        saml_assertion_consumer_url_post: '{{ acs }}'
        saml_single_logout_service_url_post: '{{ sls }}'
        saml_name_id_format: unspecified
-    vars:
+      redirect_uris:
-      cft_client: CFT01
+      - '{{ acs }}'