infrastructure/roles/keycloak/templates/keycloak.conf.j2

hostname={{ inventory_hostname }}
spi-theme-welcome-theme=archlinux
metrics-enabled=true

http-enabled=true
http-host=127.0.0.1
http-port={{ keycloak_port }}
proxy=edge

db=postgres
db-username={{ vault_keycloak_db_user }}
db-password={{ vault_keycloak_db_password }}
db-url=jdbc:postgresql://localhost/{{ keycloak_db_name }}

# temporarily re-enable calling the logout endpoint with a 'redirect_uri' param
# https://www.keycloak.org/2022/04/keycloak-1800-released#_openid_connect_logout
spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true