Resource Type: keycloak_client

Defined in:
lib/puppet/type/keycloak_client.rb
Providers:
kcadm

Overview

Manage Keycloak clients

Examples:

Add a OpenID Connect client

keycloak_client { 'www.example.com':
  ensure                => 'present',
  realm                 => 'test',
  redirect_uris         => [
    "https://www.example.com/oidc",
    "https://www.example.com",
  ],
  default_client_scopes => ['profile','email'],
  secret                => 'supersecret',
}

Properties

  • access_token_lifespan

    access.token.lifespan

  • admin_url

    adminUrl

  • authorization_services_enabled (defaults to: false)

    authorizationServicesEnabled

    Supported values:
    • true
    • false
  • backchannel_logout_url

    backchannel.logout.url

  • base_url

    baseUrl

  • bearer_only (defaults to: false)

    bearerOnly

    Supported values:
    • true
    • false
  • browser_flow (defaults to: absent)

    authenticationFlowBindingOverrides.browser (Use flow alias, not ID)

  • client_authenticator_type (defaults to: client-secret)

    clientAuthenticatorType

  • default_client_scopes (defaults to: [])

    defaultClientScopes

  • direct_access_grants_enabled (defaults to: true)

    enabled

    Supported values:
    • true
    • false
  • direct_grant_flow (defaults to: absent)

    authenticationFlowBindingOverrides.direct_grant (Use flow alias, not ID)

  • enabled (defaults to: true)

    enabled

    Supported values:
    • true
    • false
  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • full_scope_allowed (defaults to: true)

    fullScopeAllowed

    Supported values:
    • true
    • false
  • implicit_flow_enabled (defaults to: false)

    implicitFlowEnabled

    Supported values:
    • true
    • false
  • login_theme (defaults to: absent)

    login_theme

  • optional_client_scopes (defaults to: [])

    optionalClientScopes

  • protocol (defaults to: openid-connect)

    protocol

    Supported values:
    • openid-connect
    • saml
  • public_client (defaults to: false)

    enabled

    Supported values:
    • true
    • false
  • redirect_uris (defaults to: [])

    redirectUris

  • roles (defaults to: [])

    roles

  • root_url

    rootUrl

  • saml_artifact_binding_url

    saml_artifact_binding_url

  • saml_assertion_consumer_url_post

    saml_assertion_consumer_url_post

  • saml_assertion_signature

    saml.assertion.signature

  • saml_encrypt

    saml.encrypt

  • saml_encryption_certificate

    saml.encryption.certificate

  • saml_name_id_format

    saml_name_id_format

  • saml_signing_certificate

    saml.signing.certificate

  • saml_signing_private_key

    saml.signing.private.key

  • saml_single_logout_service_url_redirect

    saml_single_logout_service_url_redirect

  • secret

    secret

  • service_accounts_enabled (defaults to: false)

    serviceAccountsEnabled

    Supported values:
    • true
    • false
  • standard_flow_enabled (defaults to: true)

    standardFlowEnabled

    Supported values:
    • true
    • false
  • web_origins (defaults to: [])

    webOrigins

Parameters

  • client_id

    clientId. Defaults to name.

  • id

    Id. Defaults to client_id

  • name (namevar)

    The client name

  • provider

    The specific backend to use for this keycloak_client resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • realm

    realm