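---
# Two-play example for vcert: play 1 obtains an access token from ADFS with the
# OAuth 2.0 client-credentials grant on the control node; play 2 hands that token
# to `vcert run` on the target hosts through the TLSPC_EXTERNAL_JWT environment
# variable.
- name: Authenticate to ADFS OAuth2.0 provider using Client Credentials Flow.
  hosts: localhost
  vars:
    # The values of these variables are specific to the application being automated.
    # Each application or team should have a separate IDP application integration with
    # separate credentials. Reusing one IDP integration across the whole company is not
    # advised because of the access the Venafi service account must be granted inside
    # the TLSPC platform.
    idp_token_url: <Your ADFS Token URL with https://>
    idp_audience: <Your Audience value>
    idp_client_id: <Your Client ID>
    # Do not commit the real secret in this file: supply it from Ansible Vault, an
    # extra-vars file kept outside version control, or an environment lookup
    # (lookup('ansible.builtin.env', ...)).
    idp_client_secret: <Your Client Secret>

  tasks:
    - name: Authenticate to ADFS
      ansible.builtin.uri:
        url: '{{ idp_token_url }}'
        method: POST
        body_format: form-urlencoded
        body:
          # ADFS's scope parameter has the form <audience>/<scope> and conveys both to the platform.
          - [scope, '{{ idp_audience }}/openid']
          # A redirect URI is required because ADFS uses it together with client_id to determine
          # which Application Group and Server Application you are authenticating as.
          # It must match exactly what is configured in your application group.
          - [redirect_uri, 'http://localhost']
          - [client_id, '{{ idp_client_id }}']
          - [client_secret, '{{ idp_client_secret }}']
          - [grant_type, client_credentials]
        # Anything other than 200 (e.g. 400 invalid_client) fails the task instead of
        # silently carrying an empty token into the second play.
        status_code: 200
        # Leave validate_certs at its default (true): this request carries the client secret.
      # The request body holds the client secret and the response holds the bearer
      # token; keep both out of task output and logs, even under -v.
      no_log: true
      register: auth

- name: Execute VCert Playbook on WebApp Servers
  # hosts: my_app_servers
  hosts: <My inventory>
  vars:
    # The fully qualified path to the VCert playbook file.
    # This should be the same for all hosts in the chosen inventory.
    vcert_playbook_path: <Vcert Playbook Fully Qualified Path>

  tasks:
    - name: Execute VCert playbook with JWT.
      # command + argv passes the path as one argument without a shell, so spaces or
      # shell metacharacters in vcert_playbook_path cannot be interpreted.
      ansible.builtin.command:
        argv:
          - vcert
          - run
          - --file
          - '{{ vcert_playbook_path }}'
      environment:
        # `auth` was registered on localhost in the first play. Registered variables are
        # per-host, so on any other host it must be read through hostvars; a bare
        # `auth.json.access_token` is undefined here. The access token is short-lived,
        # so this play should run immediately after the first one.
        TLSPC_EXTERNAL_JWT: '{{ hostvars["localhost"].auth.json.access_token }}'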