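{#-
  Keycloak realm import document, rendered from the `realms` mapping.

  One JSON object is emitted per realm, separated by commas. No enclosing
  brackets are written here, so with more than one realm the result is only
  valid JSON if the consumer wraps or splits it -- TODO confirm against the
  state that renders this file.

  Escaping: free-form string values go through |string|json, so quotes,
  backslashes and control characters in the input data are escaped instead of
  terminating the JSON string. |string keeps the earlier rendering for
  undefined values (empty string) and for non-string scalars (quoted text).

  Iteration uses items(), which exists on both Python 2 and Python 3 mappings
  (iteritems() is Python 2 only).

  The output contains client secrets and the LDAP bind password in clear
  text. NOTE(review): confirm that the rendered file is owned by the Keycloak
  service account and is not group/world readable.
#}
{%- for realm_name, realm in realms.items() %}
{
"id": {{ realm.get('id', realm_name)|string|json }},
"realm": {{ realm_name|string|json }},
"enabled": {{ realm.get('enabled', true)|json }},
{#- "external": Keycloak requires HTTPS for clients that are not on
    private/loopback addresses. Fixed for every realm. #}
"sslRequired": "external",
"requiredCredentials": [ "password" ],
"clients": [
{%- for client_name, client in realm.get('client', {}).items() %}
{
"clientId": {{ client_name|string|json }},
"enabled": {{ client.get("enabled", True)|json }},
"baseUrl": {{ client.base_url|string|json }},
{#- Rendered exactly as supplied. Keep these lists as narrow as possible:
    wildcard redirect URIs or origins widen where tokens and codes may be
    delivered. #}
"redirectUris": {{ client.redirect_uris|json }},
{%- if client.web_origins is defined %}
"webOrigins": {{ client.web_origins|json }},
{%- endif %}
"publicClient": {{ client.get('public_client', False)|json }},
"adminUrl": {{ client.admin_url|string|json }},
{#- Direct access grants (password grant) stay off unless enabled per client. #}
"directAccessGrantsEnabled": {{ client.get('direct_access_grants_enabled', False)|json }},
{#- Clear-text client secret; renders as an empty string when not set. #}
"secret": {{ client.secret|string|json }},
{#- Was hard-coded to true, which is still the default. Set the optional
    key full_scope_allowed to false on a client to limit its tokens to the
    scope mappings explicitly assigned to it. #}
"fullScopeAllowed": {{ client.get('full_scope_allowed', True)|json }},
"protocolMappers": [
{#- NOTE(review): the separator is chosen from loop position, not from what
    was actually emitted. If the last protocol_mapper type is not one of the
    two handled below, the previous object keeps its trailing comma and the
    array becomes invalid JSON. #}
{%- for type, mapper in client.get('protocol_mapper', {}).items() %}
{%- set outer_loop = loop %}
{%- for _, params in mapper.items() %}
{%- if type == "oidc-usermodel-property-mapper" %}
{
"protocolMapper" : "oidc-usermodel-property-mapper",
"protocol" : "openid-connect",
"name" : {{ params.name|string|json }},
"config" : {
"Claim JSON Type" : "String",
"user.attribute" : {{ params.user_attribute|string|json }},
"claim.name" : {{ params.claim_name|string|json }},
"id.token.claim" : "true",
"access.token.claim" : "true"
}
}{%- if not (loop.last and outer_loop.last) %},{%- endif %}
{%- elif type == "oidc-full-name-mapper" %}
{
"protocolMapper" : "oidc-full-name-mapper",
"protocol" : "openid-connect",
"name" : {{ params.name|string|json }},
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true"
}
}{%- if not (loop.last and outer_loop.last) %},{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
]
}{%- if not loop.last %},{%- endif %}
{%- endfor %}
],
"userFederationProviders": [
{%- for provider_name, provider in realm.get("federation_provider", {}).items() %}
{
"displayName": {{ provider.display_name|string|json }},
"providerName": {{ provider_name|string|json }},
"priority": 1,
{#- -1 for both periods: presumably disables periodic sync -- confirm
    against the Keycloak version in use. #}
"fullSyncPeriod": -1,
"changedSyncPeriod": -1,
"config": {
"pagination" : "true",
"debug" : "false",
"searchScope" : "1",
"connectionPooling" : "true",
"usersDn" : {{ provider.users_dn|string|json }},
"userObjectClasses" : {{ provider.get('user_object_classes', 'inetOrgPerson')|string|json }},
"usernameLDAPAttribute" : {{ provider.get('username_ldap_attribute', 'uid')|string|json }},
{#- Simple bind: bindDn and bindCredential are sent to connectionUrl as
    given. With an ldap:// URL that traffic is not encrypted by this
    configuration, so a directory that is not on the loopback interface
    should be addressed with ldaps://. #}
"bindDn" : {{ provider.bind_dn|string|json }},
"bindCredential" : {{ provider.bind_credential|string|json }},
"rdnLDAPAttribute" : {{ provider.get('rdn_ldap_attribute', 'uid')|string|json }},
"vendor" : "other",
{#- Defaults to READ_ONLY, so Keycloak does not write back to the directory
    unless edit_mode is set. #}
"editMode" : {{ provider.get('edit_mode', 'READ_ONLY')|string|json }},
"uuidLDAPAttribute" : {{ provider.get('uuid_ldap_attribute', 'entryUUID')|string|json }},
"connectionUrl" : {{ provider.get('connection_url', 'ldap://localhost:389')|string|json }},
{#- Config values are strings: the boolean is JSON-encoded and then quoted,
    giving "true" or "false". #}
"syncRegistrations" : "{{ provider.get('sync_registrations', False)|json }}",
"authType" : "simple"
}
}{%- if not loop.last %},{%- endif %}
{%- endfor %}
],
"userFederationMappers" : [
{#- NOTE(review): same position-based separator as protocolMappers; an
    unrecognised federation_mapper type in last position leaves a trailing
    comma. #}
{%- for type, mapper in realm.get('federation_mapper', {}).items() %}
{%- set outer_loop = loop %}
{%- for _, params in mapper.items() %}
{%- if type == "user-attribute-ldap-mapper" %}
{
"name" : {{ params.name|string|json }},
"federationMapperType" : "user-attribute-ldap-mapper",
"federationProviderDisplayName" : {{ params.provider_display_name|string|json }},
"config" : {
"ldap.attribute" : {{ params.ldap_attribute|string|json }},
"user.model.attribute" : {{ params.model_attribute|string|json }},
"is.mandatory.in.ldap" : "{{ params.get('mandatory', True)|json }}",
"read.only" : "{{ params.get('read_only', False)|json }}",
"always.read.value.from.ldap" : "{{ params.get('always_read', False)|json }}"
}
}{%- if not (loop.last and outer_loop.last) %},{%- endif %}
{%- elif type == "role-ldap-mapper" %}
{
"name" : {{ params.name|string|json }},
"federationMapperType" : "role-ldap-mapper",
"federationProviderDisplayName" : {{ params.provider_display_name|string|json }},
"config" : {
"roles.dn" : {{ params.roles_dn|string|json }},
"membership.ldap.attribute" : {{ params.get('membership_ldap_attribute', 'memberUid')|string|json }},
"role.name.ldap.attribute" : {{ params.get('role_name_ldap_attribute', 'cn')|string|json }},
"role.object.classes" : {{ params.get('role_object_classes', 'posixGroup')|string|json }},
{#- LDAP_ONLY by default; with realm role mapping on, directory group
    membership feeds realm roles, so write access to roles.dn should be
    controlled as tightly as role administration in Keycloak itself. #}
"mode" : {{ params.get('mode', 'LDAP_ONLY')|string|json }},
"use.realm.roles.mapping" : "{{ params.get('realm_roles_mapping', True)|json }}"
}
}{%- if not (loop.last and outer_loop.last) %},{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
]
}{%- if not loop.last %},{%- endif %}
{%- endfor %}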