infra/tf/keycloak-normal-flow.tf

38 lines
1.3 KiB
Terraform
Raw Normal View History

resource "keycloak_authentication_flow" "webauthn_browser" {
realm_id = keycloak_realm.dev.id
alias = "webauthn_browser"
description = "browser based authentication"
}
resource "keycloak_authentication_execution" "auth_cookie" {
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_flow.webauthn_browser.alias
authenticator = "auth-cookie"
requirement = "ALTERNATIVE"
}
resource "keycloak_authentication_subflow" "webauthn_flow" {
realm_id = keycloak_realm.dev.id
alias = "webauthn browser forms"
description = "Username, password, otp and other auth forms."
parent_flow_alias = keycloak_authentication_flow.webauthn_browser.alias
provider_id = "basic-flow"
requirement = "ALTERNATIVE"
depends_on = [ keycloak_authentication_execution.auth_cookie ]
}
resource "keycloak_authentication_execution" "user_pass" {
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_subflow.webauthn_flow.alias
authenticator = "auth-username-password-form"
requirement = "REQUIRED"
}
resource "keycloak_authentication_execution" "webauthn" {
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_subflow.webauthn_flow.alias
authenticator = "webauthn-authenticator"
requirement = "REQUIRED"
}