terraform-provider-keycloak

Add Social Identity Providers

Open peter-fe opened this issue 4 years ago • 10 comments

@mrparkers, first of all thank you very much for this great provider!

Actually, I have never used a provider before where importing existing stuff and including new resources worked that flawlessly!

The only thing I'm missing currently is the ability to configure those predefined "Social Identity Providers"; that might be a nice enhancement.

Best, Peter

peter-fe, Aug 06 '20 08:08

Hi @peter-fe,

I'm so happy to hear that the provider has been working well for you.

If you happen to need the Google identity provider, then the good news is that this resource is actually supported by this terraform provider, it just isn't documented. https://github.com/mrparkers/terraform-provider-keycloak/blob/master/provider/resource_keycloak_oidc_google_identity_provider.go

If not, could you let me know which identity providers you're looking to use?

Thanks!

mrparkers, Aug 06 '20 15:08

Hi @mrparkers,

You nailed it (once more), it's the Google one I was looking for ;). Thanks for the link, I'll give it a try.

Best, Peter

peter-fe, Aug 06 '20 17:08

Awesome! Just to give a quick example, here's the simple configuration that my current employer uses with their GSuite logins:

resource "keycloak_oidc_google_identity_provider" "google" {
  realm         = keycloak_realm.realm.id
  client_id     = var.google_identity_provider_client_id
  client_secret = var.google_identity_provider_client_secret
  trust_email   = true
  hosted_domain = "liatrio.com"
}

If you need more than that, the schema for this resource is the result of merging the schema for the link I posted above, and the schema for the generic identity provider, found here: https://github.com/mrparkers/terraform-provider-keycloak/blob/master/provider/generic_keycloak_identity_provider.go

mrparkers, Aug 06 '20 17:08

Great! I think that's perfect!

peter-fe, Aug 06 '20 17:08

Hey @mrparkers,

Worked like a charm! Thank you!

resource "keycloak_oidc_google_identity_provider" "google" {
  realm         = keycloak_realm.realm.id
  client_id     = "<redacted>"
  client_secret = "<redacted>"
  trust_email   = true
  store_token   = false
  hosted_domain = "example.com"

  extra_config = {
    "syncMode" = "IMPORT"
  }
}

peter-fe, Aug 07 '20 06:08

@mrparkers I am trying to use keycloak_oidc_google_identity_provider, but it seems like the hard-coded google value for Alias is not allowing it to be used for the Microsoft identity provider.

Is there any way to configure it for the Microsoft identity provider?

yogsoft, Aug 12 '20 21:08

@mrparkers Anyway, I managed Microsoft SSO using the Keycloak OIDC resource.

yogsoft, Aug 18 '20 12:08
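The thread does not show the configuration yogsoft ended up with. As an added example (not code from any participant or from the provider project), this is one way to broker Microsoft logins through the generic keycloak_oidc_identity_provider resource while keeping the client secret out of the source files. The variable names, the "microsoft-oidc" alias and the tenant-specific Microsoft endpoints are assumptions.

```hcl
# Added example, not from the thread. Variable names, the alias and the
# tenant ID are assumptions; keycloak_realm.realm is the realm resource
# referenced in the Google examples above.
variable "ms_tenant_id" {
  type = string
}

variable "ms_client_id" {
  type = string
}

variable "ms_client_secret" {
  type      = string
  sensitive = true # masks the value in plan/apply output (Terraform >= 0.14)
}

locals {
  # Tenant-specific endpoints: only accounts from this directory can sign in,
  # the role hosted_domain plays in the Google examples.
  ms_base = "https://login.microsoftonline.com/${var.ms_tenant_id}/oauth2/v2.0"
}

resource "keycloak_oidc_identity_provider" "microsoft" {
  realm             = keycloak_realm.realm.id
  alias             = "microsoft-oidc"
  authorization_url = "${local.ms_base}/authorize"
  token_url         = "${local.ms_base}/token"
  client_id         = var.ms_client_id
  client_secret     = var.ms_client_secret
  default_scopes    = "openid profile email"

  trust_email = false # email from the upstream provider is not marked verified
  store_token = false # do not persist upstream tokens in Keycloak
}
```

Marking the variable sensitive only masks CLI output; the secret is still written to the Terraform state, so the state backend needs its own access control and encryption.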

@mrparkers Would there by any chance be a GitHub identity provider also available but not documented?

maxlegault, Jan 26 '21 14:01

Turns out there's some magic when the identity provider has "github" as an alias & provider_id :)

resource "keycloak_oidc_identity_provider" "github" {
  realm                         = keycloak_realm.test-realm.realm
  alias                         = "github"
  provider_id                   = "github"
  client_id                     = "<client-id>"
  client_secret                 = "<client-secret>"
  token_url                     = ""
  authorization_url             = ""
  add_read_token_role_on_create = true
  backchannel_supported         = false
  default_scopes                = "read:user read:org user:email"
}

maxlegault, Jan 26 '21 14:01

If you are missing any variable, you can add them via

extra_config = {
  otherParm = "value"
}

tomrutsaert, Jan 26 '21 14:01