Camunda Keycloak Identity Provider Plugin


#22

Hi @Tristan_MARIE, I would like to have your code. Please mail it to tanmay.naik@accionlabs.com


#23

Hi, sorry for the late answer @VonDerBeck,

Made a few tweaks so “disableSSLCertificateValidation: true” works (it wasn’t on my computer), and some other changes linked to “useEmailAsCamundaUserId: true”, which wasn’t working otherwise.
Note that you can’t make it work with username with my changes.

Because of these changes, you should not modify any application properties but these:

keycloak.url.client
keycloak.realm
keycloak.client
keycloak.secret
plugin.identity.keycloak.disableSSLCertificateValidation

Here is the project on github @Tanmay_Naik @VonDerBeck :


#24

Hi @Tristan_MARIE I can’t see your project in the given url


#25

I updated it, I had forgotten to add the files!


#26

Hi @Tristan_MARIE, I can’t see the implementation of the REST API in the Camunda Keycloak showcase project


#27

You don’t have to implement anything, you just use it as you would do normally.

Just the base url is a bit different, but you should be able to reach it from:

http://yourhost:port/api/engine/engine/default/the endpoint

Notice the ‘engine/engine’; it is not a typo!

You just have to include your Authorization bearer token in your headers.
You also need the proper Camunda authorizations (configurable in the cockpit).


#28

Hi @Tristan_MARIE, I have put the access token as a bearer token in the headers.

But no response 404


#29

Hi, try GET http://localhost:8080/api/engine/engine/default/user, you can’t post on this endpoint.
I also missed the api/ part in my previous answer, sorry.
edit:
For your postman, just a little tip, you can put your token in the Authorization part as such:


For instance, my {{token}} variable is an environment var which is initialized thanks to a test script when I request my token:

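// Postman "Tests" script attached to the token request.
var jsonData = pm.response.json();
// Keep the token value out of the test name so it does not appear in test results.
pm.test("access token exists", function () {
   pm.expect(jsonData.access_token).to.exist;
});
// Store the token; {{token}} in later requests resolves to this variable.
pm.globals.set("token", jsonData.access_token);
pm.test("Status code is 200", function () {
   pm.response.to.have.status(200);
});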

#30

Hi @Tristan_MARIE tried this too same not working


#31

@Tristan_MARIE Any configuration done in admin panel of the camunda.


#32

Hi, is your Keycloak user in Camunda’s admin group?
The name of this admin group is configured by administratorGroupName in your application.properties.
Another way to give the permission is to add your user/group id in the ‘User Authorizations’ tab, as such:


#33

Hi @Tristan_MARIE


Still the same


#34

@Tristan_MARIE


#35



Still the same 404


#36

In your Keycloak, did you make your user a member of ‘camunda-admin’?
My configuration looks like this:


g-demande-bpm-admin being the camunda admin group


#37

Hi @Tristan_MARIE

Yes, I have


#38

This is really weird, this is the response I get when I try to reach a non-existing endpoint:

{
    "timestamp": "2019-07-17T12:51:10.444+0000",
    "status": 404,
    "error": "Not Found",
    "message": "Not Found",
    "path": "/api/engine/engine/default/uer/"
}

You aren’t getting something like that, but an HTML page instead.
Try going on this URL: http://localhost:8080/app/admin/default/#/users?searchQuery=[] with dev tools enabled, so you can see the requests camunda is making.
As an example, I’m getting this:


Maybe you somehow have another base url
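
An added example, not code from this thread or from the plugin project: it builds the REST URL with the `engine/engine` layout described above and tells the JSON 404 shown in post #38 apart from an HTML 404. The names `restUrl`, `diagnose`, `getUsers` and the `CAMUNDA_TOKEN` environment variable are hypothetical, the sample responses are constructed, and the 401/403 readings are generic HTTP semantics assumed here rather than confirmed for this setup.

```javascript
// Added example: constructed sample responses, not captured from the thread's systems.
const BASE = "http://localhost:8080"; // host and port as used in the thread

// Path layout from the thread: /api/engine/engine/<engine name>/<endpoint>
function restUrl(endpoint, engine = "default", base = BASE) {
  return `${base}/api/engine/engine/${engine}/${endpoint.replace(/^\/+/, "")}`;
}

// Classify a response by status, Content-Type and body shape.
function diagnose({ status, contentType = "", body = "" }) {
  const isJson = /^application\/json\b/i.test(contentType);
  // Assumption: generic HTTP meaning of 401 and 403.
  if (status === 401) return "unauthenticated: bearer token missing, expired or rejected";
  if (status === 403) return "forbidden: token accepted, Camunda authorization missing";
  if (status === 404 && isJson) {
    let path = "";
    try { path = JSON.parse(body).path || ""; } catch (_) { /* body was not JSON */ }
    return `json-404: application reached, no endpoint at ${path || "(unknown path)"}`;
  }
  if (status === 404) return "html-404: not the REST error format, check the base URL";
  if (status >= 200 && status < 300) return "ok";
  return `unexpected status ${status}`;
}

// Live call (Node 18+ global fetch). The token is read from the environment
// (hypothetical variable name) so it never lands in source or test names.
async function getUsers(token = process.env.CAMUNDA_TOKEN) {
  const res = await fetch(restUrl("user"), {
    headers: { Authorization: `Bearer ${token}`, Accept: "application/json" },
  });
  return diagnose({
    status: res.status,
    contentType: res.headers.get("content-type") || "",
    body: await res.text(),
  });
}

// Constructed samples mirroring the two 404 shapes discussed in the thread.
const jsonNotFound = {
  status: 404,
  contentType: "application/json;charset=UTF-8",
  body: JSON.stringify({ status: 404, error: "Not Found", path: "/api/engine/engine/default/uer/" }),
};
const htmlNotFound = { status: 404, contentType: "text/html", body: "<html>404</html>" };

console.log(restUrl("user"));
console.log(diagnose(jsonNotFound));
console.log(diagnose(htmlNotFound));
```
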


#39

Hi @Tristan_MARIE
tried but no progress

Tried with http://localhost:8080/app/admin/default/#/users?searchQuery=[]


#40

Looks like your second tab is the one I wanted you to go in, refresh it with dev tools


#41

@Tristan_MARIE

tried this too