-rw-r--r-- | ops/keycloak/main.tf | 41 |
1 files changed, 26 insertions, 15 deletions
diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index 7e9dd4b5b9c5..c5f8c6b6d736 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -107,23 +107,34 @@ resource "keycloak_openid_client" "gerrit" {
 ]
 }
-resource "keycloak_openid_client" "buildkite" {
- realm_id = keycloak_realm.tvl.id
- client_id = "https://buildkite.com"
- name = "Buildkite"
- enabled = true
- access_type = "CONFIDENTIAL"
- standard_flow_enabled = true
- base_url = "https://buildkite.com/sso/tvl"
- direct_access_grants_enabled = false
- exclude_session_state_from_auth_response = false
- backchannel_logout_session_required = false
+resource "keycloak_saml_client" "buildkite" {
+ realm_id = keycloak_realm.tvl.id
+ client_id = "https://buildkite.com"
+ name = "Buildkite"
+ base_url = "https://buildkite.com/sso/tvl"
+
+ client_signature_required = false
+ assertion_consumer_post_url = "https://buildkite.com/sso/~/1531aca5-f49c-4151-8832-a451e758af4c/saml/consume"
 valid_redirect_uris = [
- "https://buildkite.com/sso/~/1531aca5-f49c-4151-8832-a451e758af4c/saml/consume",
+ "https://buildkite.com/sso/~/1531aca5-f49c-4151-8832-a451e758af4c/saml/consume"
 ]
+}
- web_origins = [
- "https://buildkite.com",
- ]
+resource "keycloak_saml_user_attribute_protocol_mapper" "buildkite_email" {
+ realm_id = keycloak_realm.tvl.id
+ client_id = keycloak_saml_client.buildkite.id
+ name = "buildkite-email-mapper"
+ user_attribute = "email"
+ saml_attribute_name = "email"
+ saml_attribute_name_format = "Unspecified"
+}
+
+resource "keycloak_saml_user_attribute_protocol_mapper" "buildkite_name" {
+ realm_id = keycloak_realm.tvl.id
+ client_id = keycloak_saml_client.buildkite.id
+ name = "buildkite-name-mapper"
+ user_attribute = "displayName"
+ saml_attribute_name = "name"
+ saml_attribute_name_format = "Unspecified"
 }
|
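Review bot: `client_signature_required = false` in the new `keycloak_saml_client.buildkite` block makes Keycloak accept unsigned AuthnRequests for this client, and nothing in the resource says why. A comment such as `# Buildkite does not sign AuthnRequests; responses only go to the pinned ACS URL below` (if that is indeed the reason) would keep it from reading as an oversight. The block also leaves response signing to the provider defaults; because Buildkite trusts whatever the assertion carries, I would pin it explicitly with `sign_documents = true` and `sign_assertions = true`. The `buildkite_email` mapper makes the `email` user attribute the identity Buildkite receives, so it is worth confirming that realm users cannot change that attribute without verification; that realm setting is not visible in this hunk.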