Integration of camunda with keycloak SSO


#43

Hi @VonDerBeck ,
Is there any way to disable this API, http://localhost:8080/camunda/engine-rest/user, as this API doesn’t support an authentication bearer token and just displays the list of all users?


#44

Hi @Tanmay_Naik,

for hints on how to integrate authentication for the REST API see my previous post #32 Integration of camunda with keycloak SSO:

The basic principles can be taken from Camunda’s SSO example (https://github.com/camunda-consulting/code/tree/master/snippets/springboot-security-sso)

It’s all very well documented and worth reading.

Cheers
Gunnar


#46

Hi @VonDerBeck,
I have integrated the REST API part from the link provided by you.

But I am not able to authenticate the URL, which is http://localhost:8080/engine-rest/user

Following is the screenshot.

In the configuration class I have set the InitParameter to the KeycloakAuthenticationProvider. Need help.


#47

Hi @VonDerBeck,
I have changed a piece of code for WebAppSecurityConfig, which leads to the login page of Keycloak when I hit the URL http://localhost:8080/engine-rest/user

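```java
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // CSRF protection is skipped for /api/** only
        .csrf().ignoringAntMatchers("/api/**")
        .and()
        .antMatcher("/**")
        .authorizeRequests()
            // web app and REST API both require an authenticated user
            .antMatchers("/app/**")
            .authenticated()
            .antMatchers("/engine-rest/**")
            .authenticated()
        // every other path stays open
        .anyRequest()
            .permitAll();
}
```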
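
To confirm the effect of a change like the one in post #47, this added example (not part of the thread or of the Keycloak plugin project) sends credential-free requests to the two REST paths quoted above and reports whether each one answers anonymously, redirects to a login, or issues a challenge. The `LOGIN_HINTS` substrings, the verdict names and all function names are assumptions made for the illustration.

```python
import http.client
import sys
from urllib.parse import urlsplit

# Paths quoted in the thread; BASE_URL is the local instance discussed there.
BASE_URL = "http://localhost:8080"
PATHS = ["/engine-rest/user", "/camunda/engine-rest/user"]
# Assumption: substrings that mark a redirect as an SSO login hand-off.
LOGIN_HINTS = ("login", "oauth2", "openid-connect")

def classify(status, headers):
    """Classify the response to a GET sent without any credentials."""
    if 200 <= status < 300:
        return "EXPOSED"             # data served to an anonymous caller
    if status in (301, 302, 303, 307, 308):
        target = headers.get("location", "").lower()
        if any(hint in target for hint in LOGIN_HINTS):
            return "LOGIN_REDIRECT"  # browser SSO flow, as described in post #47
        return "OTHER_REDIRECT"      # follow up by hand, may still be open
    if status == 401:
        scheme = headers.get("www-authenticate", "").split(" ")[0].lower()
        return "BEARER_CHALLENGE" if scheme == "bearer" else "AUTH_REQUIRED"
    if status == 403:
        return "FORBIDDEN"
    return "UNKNOWN"

def probe(base_url, path, timeout=5):
    """Send one credential-free GET; http.client never follows redirects."""
    url = urlsplit(base_url)
    cls = http.client.HTTPSConnection if url.scheme == "https" else http.client.HTTPConnection
    conn = cls(url.hostname, url.port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Accept": "application/json"})
        resp = conn.getresponse()
        return classify(resp.status, {k.lower(): v for k, v in resp.getheaders()})
    finally:
        conn.close()

def audit(base_url, paths=PATHS, fetch=probe):
    """Return (verdict per path, list of paths that answered anonymously)."""
    verdicts = {path: fetch(base_url, path) for path in paths}
    return verdicts, [p for p, v in verdicts.items() if v == "EXPOSED"]

if __name__ == "__main__":
    verdicts, exposed = audit(BASE_URL)
    for path, verdict in verdicts.items():
        print(f"{verdict:16} {path}")
    sys.exit(1 if exposed else 0)
```

A `LOGIN_REDIRECT` verdict means the path is behind the browser login flow; a client that sends a bearer token would expect `BEARER_CHALLENGE` instead.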

#48

Hi @Tanmay_Naik,

glad you made it :+1:


#50

@VonDerBeck ,
I wanted to configure MySQL instead of H2 and Redis database in your repository https://github.com/camunda/camunda-bpm-identity-keycloak/, which I have cloned.
Awaiting your reply!


#51

Hi @Tanmay_Naik,

in order to configure MySQL instead of H2 simply go to your application.yaml and change the JDBC URL connection parameters accordingly. General help for this task can be found within the Spring documentation. Articles on www.baeldung.com are a good read as well. Camunda’s documentation can be found here: https://docs.camunda.org/manual/7.11/user-guide/process-engine/database/#database-configuration

Redis integration is an interesting part, but for the sample project not yet ready. So for now the challenge is up to you.

Generally speaking, the sample project is only a basic showcase giving you a start, especially on how to configure the Keycloak Identity Provider plugin in such an environment. It is not intended to cover absolutely everything related to Identity Management and all other aspects of Spring Boot. Even if I certainly add new aspects every now and then when time allows.


#52

Hi @VonDerBeck,
Find below the screenshot of the application.yaml file!

After a successful run of the project I am not able to see any tables created in MySQL.

Awaiting your reply!


#53

Hi @VonDerBeck ,
So when I debugged after changing the configuration to MySQL, I found that in your plugin there is the embedded data source as H2 DB, which is initialising and not taking the URL of MySQL. Attaching the screenshot.


#54

Hi @VonDerBeck
So I am still playing with the properties.

Again it's taking the embedded datasource.

I tried with the DBCP datasource also.


#55

Hi @Tanmay_Naik,

  1. Have you added the appropriate Spring Boot Datasource dependencies including the MySQL driver package to your pom.xml?
  2. Can you explain what spring.jpa config is good for? Camunda doesn’t use JPA. In case you want to use your own persistence in your business services I would recommend to use a separate database schema and a separate datasource.
  3. The driver class name should not be required
  4. You have no password?
  5. In your database you have a schema named camunda?
  6. Don’t use root as user, but create your own database user with appropriate access rights to the camunda schema
  7. Do you have any exceptions?

Hope this helps.
Cheers
Gunnar


#56

Hi @VonDerBeck ,
1) Yes, I have added the dependency of MySQL in pom.xml
2) So I used JPA just to check if it works
3) OK, got you
4) Yes, I was not having a password as it is on my local
5) Yes, in my database I have a schema named camunda
6) Sure
7) Nope, no exceptions

So when I start the project and log in to MySQL, I am not able to see tables, like Keycloak creates dynamic tables by adding the data source in the XML file.

When I debugged the Java file I saw the embedded data source thing, so that’s why I was playing to set the properties file to use MySQL instead of the H2 database, but I am facing a blocker.