AFS
/
xdr-terraform-modules


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
							# Unfortunately, documentation on this is lacking. I started to get close, so i want to leave it, but keycloak configuration is being done by hand.
#
# See https://www.keycloak.org/docs/10.0/server_admin/#_x509
#

#resource "keycloak_authentication_flow" "x509-browser" {
#  realm_id = keycloak_realm.realm.id
#  alias    = "X.509 Browser"
#}
#
## Note: the ordering of authentication executions within a flow must be specified using depends_on.
##
## Unfortunately, there is very little doc on what 'authenticator's are available. See https://github.com/mrparkers/terraform-provider-keycloak/issues/411
## But there are some examples in https://github.com/mrparkers/terraform-provider-keycloak/blob/master/example/main.tf
#resource "keycloak_authentication_execution" "execution_1" {
#  realm_id          = keycloak_realm.realm.id
#  parent_flow_alias = keycloak_authentication_flow.x509-browser.alias
#  authenticator     = "auth-cookie"
#  requirement       = "ALTERNATIVE"
#}
#
#resource "keycloak_authentication_execution" "execution_2" {
#  realm_id          = keycloak_realm.realm.id
#  parent_flow_alias = keycloak_authentication_flow.x509-browser.alias
#  authenticator     = "auth-spnego" # "kerberos"
#  requirement       = "DISABLED"
#
#  depends_on = [
#    keycloak_authentication_execution.execution_1
#  ]
#}
#
#resource "keycloak_authentication_execution" "execution_3" {
#  realm_id          = keycloak_realm.realm.id
#  parent_flow_alias = keycloak_authentication_flow.x509-browser.alias
#  authenticator     = "identity-provider-redirector"
#  requirement       = "ALTERNATIVE"
#
#  depends_on = [
#    keycloak_authentication_execution.execution_2
#  ]
#}
#
#resource "keycloak_authentication_execution" "execution_3" {
#  realm_id          = keycloak_realm.realm.id
#  parent_flow_alias = keycloak_authentication_flow.x509-browser.alias
#  authenticator     = "identity-provider-redirector"
#  requirement       = "ALTERNATIVE"
#
#  depends_on = [
#    keycloak_authentication_execution.execution_2
#  ]
#}
#
#resource "keycloak_authentication_subflow" "subflow_3" {
#  realm_id          = keycloak_realm.realm.id
#  parent_flow_alias = keycloak_authentication_flow.x509-browser.alias
#  alias             = "browser-copy-flow-forms"
#  requirement       = "ALTERNATIVE"
#  depends_on        = [
#    keycloak_authentication_execution.execution_3
#  ]
#}
#
#resource "keycloak_authentication_execution" "execution_4" {
#  realm_id          = keycloak_realm.realm.id
#  parent_flow_alias = keycloak_authentication_subflow.subflow_3.alias
#
#  authenticator     = "auth-username-password-form"
#  requirement       = "REQUIRED"
#  depends_on        = [
#    keycloak_authentication_subflow.subflow_3
#  ]
#}
#
## No OTPs for us?
##resource "keycloak_authentication_execution" "execution_6" {
##  realm_id          = keycloak_realm.realm.id
##  parent_flow_alias = keycloak_authentication_flow.x509-browser.alias
##  authenticator     = "auth-otp-form"
##  requirement       = "REQUIRED"
##  depends_on        = [
##    keycloak_authentication_execution.execution_3
##  ]
##}
#
##resource "keycloak_authentication_execution_config" "config" {
##  realm_id          = keycloak_realm.realm.id
##  parent_flow_alias = keycloak_authentication_flow.x509-browser.alias
##  alias        = "idp-XXX-config"
##  config       = {
##    defaultProvider = "idp-XXX"
##  }
##  depends_on        = [
##    keycloak_authentication_execution.execution_3
##  ]
##}
##


#TODO:
#resource "keycloak_openid_client" "test_client" {
#  client_id   = "test-openid-client"
#  name        = "test-openid-client"
#  realm_id    = keycloak_realm.test.id
#  description = "a test openid client"
#
#  standard_flow_enabled    = true
#  service_accounts_enabled = true
#
#  access_type = "CONFIDENTIAL"
#
#  valid_redirect_uris = [
#    "http://localhost:5555/callback",
#  ]
#
#  client_secret = "secret"
#
#  pkce_code_challenge_method = "plain"
#
#  login_theme = "keycloak"
#}


#resource "keycloak_required_action" "custom-terms-and-conditions" {
#  realm_id       = keycloak_realm.realm.realm
#  alias          = "terms_and_conditions"
#  default_action = true
#  enabled        = true
#  name           = "Custom Terms and Conditions"
#}