-`roles/keycloak/tasks/oidc-clients.yml` — idempotent OIDC client provisioning for all services in `keycloak_oidc_clients`: check existing, create missing, retrieve client UUID, retrieve/assert client secret into `keycloak_client_secrets` dict
24
+
-`roles/keycloak/templates/oidc-client.json.j2` — full OIDC client template with 4 protocol mappers (email, given_name, family_name, groups), backchannel logout, post-logout redirect
25
+
-`roles/nextcloud/tasks/keycloak-oidc.yml` — configure `user_oidc` app via `occ`: install/enable app, delete stale provider, register Keycloak discovery URI + client credentials, `allow_multiple_user_backends`, button text, assert discovery URL reachable
26
+
-`roles/keycloak/tasks/main.yml` — added `oidc-clients.yml` import guarded by `keycloak_provision_oidc_clients`
27
+
-`roles/nextcloud/tasks/main.yml` — added `keycloak-oidc.yml` import guarded by `nextcloud_enable_keycloak_oidc`
28
+
29
+
**Integration test (`it-stack-nextcloud`):**
30
+
-`docker/nextcloud-ldap-seed.ldif` — FreeIPA-compatible LDAP seed: `cn=accounts` tree, 3 users (`ncadmin`, `ncuser1`, `ncuser2`) with `inetOrgPerson`, groups `cn=admins` + `cn=nc-users` with `groupOfNames`
31
+
-`docker/docker-compose.integration.yml` — added `nc-int-ldap-seed` init service (applies LDIF to OpenLDAP); `nc-int-keycloak` now depends on `service_completed_successfully` (ldap-seed)
32
+
-`tests/labs/test-lab-06-05.sh` — extended with 4 new sections: 3b LDAP seed verification (3 users, 2 groups), 8 LDAP full sync into Keycloak + user_oidc app enabled check, 9 OIDC provider registration (occ), 10 OIDC token endpoint + Nextcloud bearer API auth; renumbered Cron→11, WebDAV→12
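Review bot: The `roles/keycloak/tasks/oidc-clients.yml` entry says client secrets are collected into the `keycloak_client_secrets` dict, and the `roles/nextcloud/tasks/keycloak-oidc.yml` entry says client credentials are registered through `occ`, but neither entry says how those values are kept out of task output and logs. If the tasks that fetch the secret and run `occ` already set `no_log: true`, say so in these two bullets; if they do not, that belongs in the change itself, since a secret passed as an `occ` argument would otherwise be visible in Ansible's verbose output. A smaller style point on the `tests/labs/test-lab-06-05.sh` bullet: the new sections are numbered "3b, 8, 9, 10" while Cron and WebDAV were renumbered to 11 and 12, so consider noting why the LDAP seed check is "3b" rather than a section of its own, so the numbering reads consistently.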