ansible-middleware · guidograzioli · Apr 19, 2024 · Apr 17, 2024 · Apr 17, 2024 · Apr 18, 2024
diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml
@@ -338,6 +338,12 @@ argument_specs:
                 description: >
                   If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies
                   and we rely on the session affinity capabilities from reverse proxy
+            keycloak_quarkus_hostname_strict_https:
+                type: "bool"
+                description: >
+                  By default, Keycloak requires running using TLS/HTTPS. If the service MUST run without TLS/HTTPS, then set
+                  this option to "true"
+
     downstream:
         options:
             rhbk_version:

diff --git a/roles/keycloak_quarkus/templates/keycloak.conf.j2 b/roles/keycloak_quarkus/templates/keycloak.conf.j2
@@ -10,6 +10,13 @@ db-password={{ keycloak_quarkus_db_pass }}
 {% endif %}
 {% endif %}
 
+{% if keycloak_quarkus_hostname_strict_https is defined and keycloak_quarkus_hostname_strict_https is sameas true -%}
+hostname-strict-https=true
+{% endif -%}
+{% if keycloak_quarkus_hostname_strict_https is defined and keycloak_quarkus_hostname_strict_https is sameas false -%}
+hostname-strict-https=false
+{% endif -%}
+
 {% if keycloak.config_key_store_enabled %}
 # Config store
 config-keystore={{ keycloak_quarkus_config_key_store_file }}