snix/ops/keycloak/buildkite.tf
Florian Klink c706826aa9 feat(ops/keycloak): configure Buildkite SAML
This enables logging in to Buildkite via SAML, with the snix Keycloak realm acting as the identity provider.

Fixes #95.

Change-Id: Ieaa87c660692953305619c2bd8270d2329bd7545
Reviewed-on: https://cl.snix.dev/c/snix/+/30478
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
2025-05-05 12:36:30 +00:00


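# SAML service-provider entry for Buildkite in the snix realm.
#
# Bootstrapping order: create the SSO provider on the Buildkite side first
# (that yields the tenant-specific ACS URL below), then point Buildkite at the
# IdP metadata served by *Keycloak*, not Buildkite:
#   $KEYCLOAK_URL/realms/$realm/protocol/saml/descriptor
resource "keycloak_saml_client" "buildkite" {
  realm_id = keycloak_realm.snix.id

  # SAML entity ID Buildkite presents as its issuer; must match the SP exactly.
  client_id = "https://buildkite.com"
  name      = "Buildkite"
  base_url  = "https://buildkite.com/sso/snix"

  # Keycloak accepts AuthnRequests from this client without verifying a
  # signature. Anyone can therefore *start* a login for this client, but the
  # SAML response is only ever POSTed to the ACS URL pinned below, so an
  # unsigned request cannot redirect assertions elsewhere. Response/assertion
  # signing and encryption are left at provider defaults here — confirm in the
  # realm that the response document is signed so Buildkite can verify it.
  client_signature_required = false

  # Tenant-specific Buildkite ACS endpoint. The UUID is the provider ID
  # Buildkite assigned when the SSO provider was created; it is not secret,
  # but it must match the Buildkite-side configuration or logins will fail.
  assertion_consumer_post_url = "https://buildkite.com/sso/~/01969dae-b653-4e3e-8056-eff685823c6f/saml/consume"

  # Restrict where Keycloak is willing to send responses to exactly the ACS
  # URL — no wildcards, so a crafted request cannot pick another destination.
  valid_redirect_uris = [
    "https://buildkite.com/sso/~/01969dae-b653-4e3e-8056-eff685823c6f/saml/consume"
  ]

  # Do not include every realm role in the assertion; only role mappings
  # explicitly scoped to this client are released to Buildkite.
  full_scope_allowed = false
}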
# Release the user's e-mail address to Buildkite as the SAML attribute "email".
# Buildkite matches this against the address on the Buildkite account, so
# only verified, trusted e-mail values should be present on realm users —
# whoever controls the "email" attribute controls which Buildkite user is
# logged in (TODO confirm against Buildkite's attribute documentation).
resource "keycloak_saml_user_attribute_protocol_mapper" "buildkite_email" {
  name = "buildkite-email-mapper"

  # Source: the Keycloak user's email; destination attribute name as Buildkite
  # expects it, with the generic "Unspecified" name format.
  user_attribute             = "email"
  saml_attribute_name        = "email"
  saml_attribute_name_format = "Unspecified"

  realm_id  = keycloak_realm.snix.id
  client_id = keycloak_saml_client.buildkite.id
}
# Release a human-readable display name to Buildkite as the SAML attribute
# "name". "displayName" is not one of Keycloak's built-in user properties
# (username/email/firstName/lastName), so it must be populated as a custom
# user attribute (e.g. by a federation/IdP mapper); users without it will
# simply have no "name" attribute in the assertion — verify this is set for
# realm users.
resource "keycloak_saml_user_attribute_protocol_mapper" "buildkite_name" {
  name = "buildkite-name-mapper"

  user_attribute             = "displayName"
  saml_attribute_name        = "name"
  saml_attribute_name_format = "Unspecified"

  realm_id  = keycloak_realm.snix.id
  client_id = keycloak_saml_client.buildkite.id
}