Camunda Keycloak Identity Provider Plugin

Hi @Tristan_MARIE I would like to have your code . Pls mail on tanmay.naik@accionlabs.com

Hi, sorry for the late answer @VonDerBeck,

Made a few tweaks so “disableSSLCertificateValidation: true” works (it wasn’t on my computer), and some other changes linked to " useEmailAsCamundaUserId: true", which wasn’t working otherwise.
Note that you can’t make it work with username with my changes.

Because of these changes, you should not modify any application properties but these:

keycloak.url.client
keycloak.realm
keycloak.client
keycloak.secret
plugin.identity.keycloak.disableSSLCertificateValidation

Here is the project on github @Tanmay_Naik @VonDerBeck :


Hi @Tristan_MARIE I can’t see your project in the given url

I updated it, I had forgotten to add files!

Hi @Tristan_MARIE i can’t see the implementation of REST API in camunda keycloak showcase project

You don’t have to implement anything, you just use it as you would do normally.

Just the base url is a bit different, but you should be able to reach it from:

http://yourhost:port/api/engine/engine/default/the endpoint

Notice the ‘engine/engine’ ; it is not a typo!

You just have to include your Authorization bearer token in your headers.
You also need the proper Camunda’s Authorizations (configurable in the cockpit).

Hi @Tristan_MARIE I have put the access token as a bearer token in the headers.

But no response, 404.

Hi, try GET http://localhost:8080/api/engine/engine/default/user, you can’t post on this endpoint.
I also missed the api/ part in my previous answer, sorry.
edit:
For your postman, just a little tip, you can put your token in the Authorization part as such:


For instance, my {{token}} variable is an environment var which is initialized thanks to a test script when I request my token:

// Postman test script attached to the token request (runs after the response arrives)
var jsonData = pm.response.json();
// Record whether the response carried an access token at all
tests["access token exists " + jsonData.access_token] = jsonData.access_token != undefined;
// Store the token so later requests can reference it as {{token}} in their Authorization header
pm.globals.set("token", jsonData.access_token);
pm.test("Status code is 200", function () {
   pm.response.to.have.status(200);
});

Hi @Tristan_MARIE, tried this too, same, not working.

@Tristan_MARIE Any configuration done in the admin panel of Camunda?

Hi, is your Keycloak user in Camunda's admin group?
The name of this admin group is configured by administratorGroupName in your application.properties.
Another way to give the permission is to add your user/group id in the ‘User Authorizations’ tab, as such:

Hi @Tristan_MARIE


Still the same

@Tristan_MARIE



Still the same 404

In your Keycloak, did you make your user a member of 'camunda-admin'?
My configuration looks like this:


g-demande-bpm-admin being the camunda admin group

Hi @Tristan_MARIE

Yes, I have.

This is really weird, this is the response I get when I try to reach a non-existing endpoint:

{
    "timestamp": "2019-07-17T12:51:10.444+0000",
    "status": 404,
    "error": "Not Found",
    "message": "Not Found",
    "path": "/api/engine/engine/default/uer/"
}

You aren’t getting something like that, but an HTML page instead.
Try going on this URL: http://localhost:8080/app/admin/default/#/users?searchQuery=[] with dev tools enabled, so you can see the requests camunda is making.
As an example, I'm getting this:


Maybe you somehow have another base url
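The two diagnostics above (a JSON 404 from the engine versus an HTML page, and the bearer token plus Camunda authorizations needed to reach the `/api/engine/engine/default/...` endpoints) can be turned into a small helper. This is an added example, not code from the thread or from the Keycloak plugin project: the host, token and sample response bodies are constructed, and only the base path and the JSON 404 shape come from the posts above.

```javascript
// Added example (not from the thread or the plugin): helpers for calling the
// Camunda REST API behind the Keycloak identity plugin, as the thread describes it.
// Assumptions: base path "/api/engine/engine/default" (from the thread), a bearer
// token already obtained from Keycloak; host, endpoint and the sample responses
// below are constructed for illustration.

// Build the engine REST URL; "engine/engine" is part of the real path, not a typo.
function buildEngineUrl(host, endpoint) {
  const path = String(endpoint).replace(/^\/+/, "");
  return `${host.replace(/\/+$/, "")}/api/engine/engine/default/${path}`;
}

// Headers for a request carrying a Keycloak access token.
function authHeaders(token) {
  if (!token) throw new Error("missing access token");
  return { Authorization: `Bearer ${token}`, Accept: "application/json" };
}

// Classify a response the way the thread does: a JSON 404 means the base path is
// right and only the endpoint name is wrong; an HTML 404 means the request never
// reached the engine (wrong base URL); 401/403 point at the token or at missing
// Camunda authorizations (admin group / "User Authorizations" tab).
function diagnose(status, contentType, body) {
  const ct = (contentType || "").toLowerCase();
  if (status === 200) return "ok";
  if (status === 401) return "unauthenticated: token missing, invalid or expired";
  if (status === 403) return "forbidden: user lacks Camunda authorization";
  if (status === 404) {
    if (ct.includes("application/json")) {
      let path = "?";
      try { path = JSON.parse(body).path || "?"; } catch (e) { /* keep "?" */ }
      return `engine reached, unknown endpoint: ${path}`;
    }
    if (ct.includes("text/html")) {
      return "HTML 404: request did not reach the engine, check the base URL";
    }
    return "404 with unexpected content type";
  }
  return `unexpected status ${status}`;
}

// Constructed sample responses mirroring the thread (the JSON body copies the
// shape of the engine's 404 shown above).
const SAMPLE_JSON_404 = JSON.stringify({
  timestamp: "2019-07-17T12:51:10.444+0000", status: 404, error: "Not Found",
  message: "Not Found", path: "/api/engine/engine/default/uer/"
});
const SAMPLE_HTML_404 = "<html><body><h1>404 Not Found</h1></body></html>";

// Live call (needs a global fetch, i.e. Node 18+ or a browser); not exercised offline.
async function getUsers(host, token) {
  const res = await fetch(buildEngineUrl(host, "user"), { headers: authHeaders(token) });
  const body = await res.text();
  return { status: res.status, verdict: diagnose(res.status, res.headers.get("content-type"), body), body };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(diagnose(404, "application/json;charset=UTF-8", SAMPLE_JSON_404));
  console.log(diagnose(404, "text/html", SAMPLE_HTML_404));
}
```

Run `getUsers("http://localhost:8080", "<token>")` against a live instance to get the same verdict string for a real response; the offline part only classifies the two constructed bodies.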

Hi @Tristan_MARIE
Tried, but no progress.

Tried with http://localhost:8080/app/admin/default/#/users?searchQuery=[]

Looks like your second tab is the one I wanted you to go in; refresh it with dev tools.

@Tristan_MARIE

Tried this too.