Difference between IdentityService and IdentityProvider

I was trying to create my custom identity service and found this documentation about Identity Service.

It states:

To provide a custom identity provider implementation, the following interfaces can be implemented:

  • org.camunda.bpm.engine.impl.identity.ReadOnlyIdentityProvider
  • org.camunda.bpm.engine.impl.identity.WritableIdentityProvider

So now I know how to create my own custom identity provider.

But then, the only way I found to register my custom identity provider with my process engine is through ProcessEngineConfigurationImpl’s method (setIdentityService), and the method just accepts IdentityService, which I haven’t found to have any relation to ReadOnlyIdentityProvider or WritableIdentityProvider (I got an error message in IntelliJ IDEA):

setIdentityService(org.camunda.bpm.engine.IdentityService) in ProcessEngineConfigurationImpl cannot be applied to (CustomIdentityProvider)

(my CustomIdentityProvider implements the ReadOnlyIdentityProvider)

So, my question is: What is the difference between IdentityService and IdentityProvider?

Hi,

The IdentityProvider interface is the SPI, which has to be implemented if you want to use your own identity implementation.
The IdentityService is the API, which will use the IdentityProvider, and represents the service to manage users and groups.

There are different ways to set your identity provider.
This can for example be done via config.xml, see this config.xml which is used in the platform tests:

    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.springframework.org/schema/beans   http://www.springframework.org/schema/beans/spring-beans.xsd">

      <bean id="processEngineConfiguration" class="org.camunda.bpm.engine.impl.cfg.StandaloneInMemProcessEngineConfiguration">
        <!-- ... -->
        <!-- Session factory that creates the identity provider used by the IdentityService -->
        <property name="identityProviderSessionFactory">
          <bean class="org.camunda.bpm.engine.impl.persistence.GenericManagerFactory">
            <constructor-arg value="org.camunda.bpm.engine.impl.identity.db.DbReadOnlyIdentityServiceProvider" />
          </bean>
        </property>
      </bean>
    </beans>

Or you do it like it is done in the LDAP plugin. Then you have to implement the SessionFactory interface as well; see the LdapIdentityProviderFactory as an example. This factory will be used to instantiate the provider. You have to set the factory on the process engine configuration like it is done in the LdapIdentityProviderPlugin.

    LdapIdentityProviderFactory ldapIdentityProviderFactory = new LdapIdentityProviderFactory();
    ldapIdentityProviderFactory.setLdapConfiguration(this);
    processEngineConfiguration.setIdentityProviderSessionFactory(ldapIdentityProviderFactory);

Hope it helps.

Greets,
Chris
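
Added example (not part of the original posts and not Camunda's own code): the factory-plus-plugin wiring described in the answer above, applied to a custom provider instead of LDAP. `CustomIdentityProvider` is the asker's class and is assumed to implement `ReadOnlyIdentityProvider` and to have a no-argument constructor; the plugin and factory names are hypothetical.

```java
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.impl.cfg.ProcessEnginePlugin;
import org.camunda.bpm.engine.impl.identity.ReadOnlyIdentityProvider;
import org.camunda.bpm.engine.impl.interceptor.Session;
import org.camunda.bpm.engine.impl.interceptor.SessionFactory;

// Hypothetical plugin: registers the custom provider the same way the
// LdapIdentityProviderPlugin registers the LdapIdentityProviderFactory.
public class CustomIdentityProviderPlugin implements ProcessEnginePlugin {

  /** Factory the engine uses to instantiate the identity provider. */
  public static class CustomIdentityProviderFactory implements SessionFactory {

    @Override
    public Class<?> getSessionType() {
      // Assumption: the provider is read-only, so the read-only SPI type is reported.
      return ReadOnlyIdentityProvider.class;
    }

    @Override
    public Session openSession() {
      // ReadOnlyIdentityProvider extends Session, so the provider itself is the session.
      // CustomIdentityProvider is assumed to exist on the classpath (the asker's class).
      return new CustomIdentityProvider();
    }
  }

  @Override
  public void preInit(ProcessEngineConfigurationImpl configuration) {
    // Set the SPI factory; the engine's own IdentityService is left in place.
    configuration.setIdentityProviderSessionFactory(new CustomIdentityProviderFactory());
  }

  @Override
  public void postInit(ProcessEngineConfigurationImpl configuration) {
    // Nothing to do after initialization.
  }

  @Override
  public void postProcessEngineBuild(ProcessEngine processEngine) {
    // Nothing to do after the engine is built.
  }
}
```

With this wiring the engine's IdentityService is not extended or replaced; calls such as `identityService.checkPassword(...)` are answered by the provider, so that method should return `false` on any lookup or backend error.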


Hi @Zelldon,

Thanks for your explanation.

I’ve understood the main difference now, but I am still confused about how to implement my custom identity service. Should I also extend the IdentityService and also implement the SessionFactory (in this case, I want to avoid using the LDAP plugin)? I really got confused.

Could you please comment in this thread?

Big Thanks,
Ashlah