feat(ops/keycloak): Set up oauth2_proxy client
Change-Id: I996d9644ed7e870d6e5a42af117eafbf841da679 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4640 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: Profpatsch <mail@profpatsch.de>
parent
7b3c0b3e2f
commit
e8fa347fd1
1 changed files with 21 additions and 0 deletions
|
@ -38,3 +38,24 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" {
|
||||||
"organizationalPerson",
|
"organizationalPerson",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "keycloak_openid_client" "oauth2_proxy" {
|
||||||
|
realm_id = keycloak_realm.tvl.id
|
||||||
|
client_id = "oauth2-proxy"
|
||||||
|
name = "TVL OAuth2 Proxy"
|
||||||
|
enabled = true
|
||||||
|
access_type = "CONFIDENTIAL"
|
||||||
|
standard_flow_enabled = true
|
||||||
|
|
||||||
|
valid_redirect_uris = [
|
||||||
|
"https://login.tvl.fyi/oauth2/callback"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "keycloak_openid_audience_protocol_mapper" "panettone_audience" {
|
||||||
|
realm_id = keycloak_realm.tvl.id
|
||||||
|
client_id = keycloak_openid_client.oauth2_proxy.id
|
||||||
|
name = "panettone-audience"
|
||||||
|
|
||||||
|
included_custom_audience = "b"
|
||||||
|
}
|
||||||
|
|
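Review bot: The audience mapper at the end of this section sets `included_custom_audience = "b"` with no explanation, so a reader cannot tell which relying party that one-letter value names or why every token issued to the `oauth2-proxy` client should carry it in `aud`. The resource is named for panettone but attached to `keycloak_openid_client.oauth2_proxy`, which suggests the proxy's tokens are meant to be accepted by a second service; if so, a comment such as `# aud value expected by <service>; tokens minted for oauth2-proxy are accepted there` would make that trust relationship reviewable. If "b" is itself a Keycloak client, `included_client_audience` pointing at that client would keep the value from drifting, and setting `add_to_id_token` / `add_to_access_token` explicitly would limit the extra audience to the token type that service actually checks. Separately, no `client_secret` is given for the CONFIDENTIAL client, so the generated secret will presumably end up in Terraform state, which then needs the same protection as the secret itself.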