I was missing one crucial part, I needed to add the “admin” role to the service account. That seemed to fix most of the issues:
- Now I can login with email
- I can see all users/groups
- No more engine.rest errors.
I do have a couple of other question though…
- is there an easy way to have the engine-rest api be protected by keycloak authentication?
- is there an easy way to have the keycloak login page instead of the camuda login page? I can’t sign into my sso keycloak accounts with the current page.