From 379db770c586efb3f2cd2f91092d309c83d6e17a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christer=20War=C3=A9n?= <cwchristerw@gmail.com>
Date: Sat, 29 Nov 2025 16:20:34 +0200
Subject: [PATCH] keycloak_realm: add webAuthnPolicyPasswordlessPasskeysEnabled
 param (#11197)

* keycloak_realm: add webAuthnPolicyPasswordlessPasskeysEnabled param

* Changelog Fragment - 11197

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Fix typo in changelog fragment filename

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
---
 ...realm-webauthnpolicypasswordlesspasskeysenabled.yml |  2 ++
 plugins/modules/keycloak_realm.py                      | 10 ++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 changelogs/fragments/11197-keycloak-realm-webauthnpolicypasswordlesspasskeysenabled.yml

diff --git a/changelogs/fragments/11197-keycloak-realm-webauthnpolicypasswordlesspasskeysenabled.yml b/changelogs/fragments/11197-keycloak-realm-webauthnpolicypasswordlesspasskeysenabled.yml
new file mode 100644
index 0000000000..13e94b346e
--- /dev/null
+++ b/changelogs/fragments/11197-keycloak-realm-webauthnpolicypasswordlesspasskeysenabled.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - keycloak_realm - add ``webAuthnPolicyPasswordlessPasskeysEnabled`` parameter (https://github.com/ansible-collections/community.general/pull/11197).
\ No newline at end of file
diff --git a/plugins/modules/keycloak_realm.py b/plugins/modules/keycloak_realm.py
index 0f5d421cc1..2e96d09265 100644
--- a/plugins/modules/keycloak_realm.py
+++ b/plugins/modules/keycloak_realm.py
@@ -732,6 +732,13 @@ options:
     type: list
     version_added: 11.3.0
     elements: str
+  web_authn_policy_passwordless_passkeys_enabled:
+    description:
+      - Enable passkeys (conditional UI) authentication in the username forms.
+    aliases:
+      - webAuthnPolicyPasswordlessPasskeysEnabled
+    type: bool
+    version_added: 12.1.0
 
 extends_documentation_fragment:
   - community.general.keycloak
@@ -1005,6 +1012,9 @@ def main():
         web_authn_policy_passwordless_extra_origins=dict(
             type="list", elements="str", aliases=["webAuthnPolicyPasswordlessExtraOrigins"], no_log=False
         ),
+        web_authn_policy_passwordless_passkeys_enabled=dict(
+            type="bool", aliases=["webAuthnPolicyPasswordlessPasskeysEnabled"]
+        ),
     )
 
     argument_spec.update(meta_args)