Connect Camunda to Third Party Single-Sign On

Hello,

I am using Jump Cloud to manage Single-Sign on for all my Cloud infrastructure, and I want to integrate my Camunda login page there as well. But I see Camunda doesn’t support SAML-based SSO. On the other side I’ve seen that Camunda natively supports Spring Security from Java, which could help to make this integration.

Is there a way to make the SAML support ready for Camunda or is it necessary to use Spring Security?

Thank you.

@tonyccolin, Camunda supports SAML-based SSO similar to Jump Cloud, which is Keycloak SSO.

Keycloak is an open source program that allows you to set up a secure single sign-on provider. It supports multiple protocols such as SAML 2.0 and OpenID Connect. It can also store user credentials locally or via an LDAP or Kerberos backend.

You can use the camunda-bpm-identity-keycloak community extension, which supports Keycloak and is developed by @VonDerBeck.

Sample:

2 Likes

Hi @tonyccolin,

as @aravindhrs noted above (thanks :grinning: :grinning:), Keycloak in combination with the camunda-bpm-identity-keycloak community extension might be what you’re looking for.

The blog post https://blog.camunda.com/post/2019/08/keycloak-identity-provider-extension/ is a good starting point.

Regarding examples, I would like to add that the Identity Provider Plugin itself contains a full SSO example covering a lot of aspects like logout, security of the REST API, etc.
Camunda Keycloak SSO example

Furthermore, if not using Spring Boot, you’ll find a setup introduction for standalone Tomcat as well:
Camunda Keycloak Identity Provider setup on Tomcat

Hope this adds to the great info from @aravindhrs and helps you get started.

Gunnar