From 79321ba4a4089b80484c9d805654d1288079b2bb Mon Sep 17 00:00:00 2001
From: Giovanni Toraldo <giovanni.toraldo@hyland.com>
Date: Fri, 22 Sep 2023 10:06:59 +0200
Subject: [PATCH] Configure SSO in repository

---
 roles/repository/tasks/main.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/repository/tasks/main.yml b/roles/repository/tasks/main.yml
index aab05315b..bb302fbec 100644
--- a/roles/repository/tasks/main.yml
+++ b/roles/repository/tasks/main.yml
@@ -345,6 +345,17 @@
         path: "{{ content_folder }}/web-server/conf"
         state: absent
 
+    - name: Configure identity service when available
+      when: groups.identity | default([]) # FIXME and external?
+      vars:
+        sso_repository_properties:
+          authentication.chain: identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm
+          identity-service.auth-server-url: "http://{{ identity_host }}:8080/auth" # FIXME
+          identity-service.resource: "{{ identity_client_id }}"
+          identity-service.credentials.secret: "{{ identity_client_secret }}" # required only if client is not set to public
+      ansible.builtin.set_fact:
+        repository_properties: "{{ repository_properties | ansible.builtin.combine(sso_repository_properties) }}"
+
     - name: Create alfresco-global.properties main snippet
       vars:
         merged_repository_properties: >-