From 04e5d830348c04619f0e9796d937c12b44b32aee Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Fri, 18 Sep 2020 06:14:30 +0200
Subject: [PATCH] keycloak: Add WebAuthn policy

Fix #120
---
 tf-stage2/keycloak.tf | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/tf-stage2/keycloak.tf b/tf-stage2/keycloak.tf
index 584122867..c7f2769b0 100644
--- a/tf-stage2/keycloak.tf
+++ b/tf-stage2/keycloak.tf
@@ -58,11 +58,12 @@ resource "keycloak_realm" "archlinux" {
   verify_email = true
   login_with_email_allowed = true
   password_policy = "length(8) and notUsername"
-  // TODO: WebAuthn policy
-  // https://github.com/mrparkers/terraform-provider-keycloak/issues/355
-  // "Relying Party Entity Name": "Arch Linux SSO"
-  // "Relying Party ID": "accounts.archlinux.org"
-  // "Signature Algorithms": "ES256, ES384, ES512"
+
+  web_authn_policy {
+    relying_party_entity_name = "Arch Linux SSO"
+    relying_party_id          = "accounts.archlinux.org"
+    signature_algorithms      = ["ES256", "RS256", "ES512"]
+  }
 
   login_theme = "archlinux"
   account_theme = "archlinux"
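Review bot: The `signature_algorithms` list in the new `web_authn_policy` block does not match the plan in the TODO it replaces: the removed comment listed "ES256, ES384, ES512", while the block sets `["ES256", "RS256", "ES512"]`, dropping ES384 and adding RS256. If RS256 is intended, presumably for authenticators that offer only RSA, record that with a comment such as `// RS256 kept for authenticators without ECDSA support`; otherwise use `signature_algorithms = ["ES256", "ES384", "ES512"]` as originally planned. The block also leaves `user_verification_requirement` and `attestation_conveyance_preference` unset, so the provider and Keycloak defaults apply; setting them explicitly would make the realm's WebAuthn posture reviewable in this file. The `keycloak_realm` resource starts and ends outside the hunk, so other settings that interact with this policy are not visible here.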
-- 
GitLab