Resource Type: keycloak_identity_provider

Defined in:
lib/puppet/type/keycloak_identity_provider.rb
Providers:
kcadm

Overview

Manage Keycloak identity providers

Examples:

Add CILogon identity provider to test realm

keycloak_identity_provider { 'cilogon on test':
  ensure                         => 'present',
  display_name                   => 'CILogon',
  provider_id                    => 'oidc',
  first_broker_login_flow_alias  => 'browser',
  client_id                      => 'cilogon:/client_id/foobar',
  client_secret                  => 'supersecret',
  user_info_url                  => 'https://cilogon.org/oauth2/userinfo',
  token_url                      => 'https://cilogon.org/oauth2/token',
  authorization_url              => 'https://cilogon.org/authorize',
}
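A hardened variant of the resource above, as an added example that is not part of the module's own documentation: it turns on signature validation (off by default per the property list below), pins the issuer, and keeps the client secret out of the manifest. The Hiera key name, the `jwks_url` value and the `issuer` value are assumptions; confirm the last two against the provider's OIDC discovery document.

```puppet
# Added example, not from the module's documentation.
# ASSUMPTION: the client secret lives in Hiera (ideally eyaml-encrypted) under
# the hypothetical key below, so it never appears in the manifest or in VCS.
$cilogon_secret = lookup('profile::keycloak::cilogon_client_secret', String)

keycloak_identity_provider { 'cilogon on test':
  ensure                        => 'present',
  display_name                  => 'CILogon',
  provider_id                   => 'oidc',
  first_broker_login_flow_alias => 'browser',
  client_id                     => 'cilogon:/client_id/foobar',
  client_secret                 => $cilogon_secret,
  user_info_url                 => 'https://cilogon.org/oauth2/userinfo',
  token_url                     => 'https://cilogon.org/oauth2/token',
  authorization_url             => 'https://cilogon.org/authorize',

  # Verify signatures on tokens issued by the external provider.
  # validate_signature defaults to false, so the original example accepts
  # tokens without checking them against the provider's keys.
  validate_signature            => true,
  use_jwks_url                  => true,
  # ASSUMPTION: JWKS endpoint and issuer as published by the provider;
  # check both against its discovery document before use.
  jwks_url                      => 'https://cilogon.org/oauth2/certs',
  issuer                        => 'https://cilogon.org',

  # Stated explicitly so a later change to the type's defaults cannot
  # loosen them silently:
  trust_email                   => false, # do not treat the provider's email as verified
  store_token                   => false, # do not persist the provider's tokens
  add_read_token_role_on_create => false, # new users get no role for reading stored tokens
}
```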

Properties

  • add_read_token_role_on_create (defaults to: false)

    addReadTokenRoleOnCreate

    Supported values:
    • true
    • false
  • allowed_clock_skew

    allowedClockSkew

  • authenticate_by_default (defaults to: false)

    authenticateByDefault

    Supported values:
    • true
    • false
  • authorization_url

    authorizationUrl

  • backchannel_supported (defaults to: false)

    backchannelSupported

    Supported values:
    • true
    • false
  • client_auth_method (defaults to: client_secret_post)

    clientAuthMethod

    Supported values:
    • client_secret_post
    • client_secret_basic
    • client_secret_jwt
    • private_key_jwt
  • client_id

    clientId

  • client_secret

    clientSecret

  • default_scope

    default_scope

  • disable_user_info (defaults to: false)

    disableUserInfo

    Supported values:
    • true
    • false
  • display_name

    displayName

  • enabled (defaults to: true)

    enabled

    Supported values:
    • true
    • false
  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • first_broker_login_flow_alias (defaults to: first broker login)

    firstBrokerLoginFlowAlias

  • forward_parameters

    forwardParameters

  • gui_order

    guiOrder

  • hide_on_login_page (defaults to: false)

    hideOnLoginPage

    Supported values:
    • true
    • false
  • issuer

    issuer

  • jwks_url

    jwksUrl

  • link_only (defaults to: false)

    linkOnly

    Supported values:
    • true
    • false
  • login_hint (defaults to: false)

    loginHint

    Supported values:
    • true
    • false
  • logout_url

    logoutUrl

  • post_broker_login_flow_alias

    postBrokerLoginFlowAlias

  • prompt

    prompt

    Supported values:
    • none
    • consent
    • login
    • select_account
  • store_token (defaults to: false)

    storeToken

    Supported values:
    • true
    • false
  • sync_mode (defaults to: IMPORT)

    syncMode

    Supported values:
    • IMPORT
    • LEGACY
    • FORCE
  • token_url

    tokenUrl

  • trust_email (defaults to: false)

    trustEmail

    Supported values:
    • true
    • false
  • ui_locales (defaults to: false)

    uiLocales

    Supported values:
    • true
    • false
  • update_profile_first_login_mode (defaults to: on)

    updateProfileFirstLoginMode

    Supported values:
    • on
    • off
  • use_jwks_url (defaults to: true)

    useJwksUrl

    Supported values:
    • true
    • false
  • user_info_url

    userInfoUrl

  • validate_signature (defaults to: false)

    validateSignature

    Supported values:
    • true
    • false

Parameters

  • alias

    The identity provider name. Defaults to name.

  • internal_id

    internalId. Defaults to “alias-realm”.

  • name (namevar)

    The identity provider name

  • provider

    The specific backend to use for this keycloak_identity_provider resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • provider_id (defaults to: oidc)

    providerId

    Supported values:
    • oidc
    • keycloak-oidc
  • realm

    realm