-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setup example customer domain/realm for federation #596
Comments
I got some notes about what should we make:
I think I didn't forget anything. |
MR created, still in draft status until we figure out how to modify the requirements status of the steps in the login flow. |
Added an initial version to the docs. SovereignCloudStack/docs#190 |
Currently there is a small problem to finish the ansible-playbook: Here is a snippet of what I've tried. The main idea is to create the json file and then use it on the next call.
|
My current approach is to create the files, create a task that does the kubectl cp into the kc pod and finally run the kcadmin command |
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html You have to do it this way:
You try to use a shell command. If you want to do it this way (ansible.builtin.copy is better) you have to use the ansible.builtin.shell task. |
I've tried that but the file created ends up on the osism-ansible container, then I try to
Currently I have the files correctly created on |
What means "but it doesn't work"? Can you please paste the error message of the failed task. The file |
The files exists in the osism-ansible container:
|
This is your issue: For me it looks like the |
|
Found a suitable solution, I'll bake into the scs-keycloak container a script that creates the required files, so it can be called from the playbook. My PoC has worked today so tomorrow there will be a MR to the container repo. The playbook MR still needs some fixes, but its on a good state right now. |
Part of SovereignCloudStack/issues#596 Signed-off-by: Juan Pedro Torres <juan.torres-munoz@univention.de>
As a SCS Operator, I want to see an example of how to setup Keycloak and Keystone mapping so that a new customer domain/realm can onboard it's federated users.
Acceptance Criteria:
Definition of Ready:
Definition of Done:
The text was updated successfully, but these errors were encountered: