Integration of Camunda with Keycloak SSO

Hi @VonDerBeck,
I have deployed the project to the Kubernetes cluster, as we are using GitLab CI/CD pipelines. The issue I am facing is that I have specified the redirect URL in Keycloak as https://domain-name.com/camunda/login, but it redirects me to http://domain-name.com/camunda/login and the page is not displayed.

So another option I tried was specifying the wildcard *; it redirected me to the same domain without https, but the Keycloak page was displayed, since I was trying to access groups through the REST API:

http://domain-name.com/camunda/api/engine/engine/default/user

So here, when I send a token to access it, it says 401 Unauthorized:

{
  "timestamp": "2019-09-17T13:23:49.503+0000",
  "status": 401,
  "error": "Unauthorized",
  "message": "No message available",
  "path": "/camunda/api/engine/engine/default/user"
}

These APIs are accessible when I log into Keycloak
As Keycloak is redirecting to http rather than https

Hi @Tanmay_Naik

looks like the “Valid Redirect URI” for your Keycloak Camunda Identity Service should be simply /camunda/login/* without your domain name. The rest will be part of your nginx ingress setup.

Regards
Gunnar

Hi @VonDerBeck,
Thank you so much for your valuable time. Yes, I have changed the “Valid Redirect URI” to /camunda/login/*. In our environment we are using Kong ingress, so I need to change the Kong ingress file.

Regards
Tanmay

Hi @VonDerBeck,
As searched on Google, Kong ingress does not provide annotations as nginx ingress does, so I think I need to write a custom plugin for it.

Hi Tanmay,
I would like to know what the values will be for
redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"

Like what are baseUrl, action, and registrationId?

Thanks,
Krishan
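
Added example, not part of any post in this thread and not the plugin's own code: a simplified Python model of how the template quoted above is filled in, and why an application behind a TLS-terminating ingress builds an http redirect URI unless it honours the proxy's X-Forwarded-* headers. It assumes {baseUrl} is the scheme, host, port and context path as the application sees the request, {action} is `login`, and {registrationId} is a hypothetical client registration named `keycloak`; the helper names and the request values are constructed.

```python
from urllib.parse import urlsplit

# Template as quoted in the post above.
TEMPLATE = "{baseUrl}/{action}/oauth2/code/{registrationId}"


def base_url(scheme, host, port, context_path, headers=None, trust_forwarded=False):
    """Model of {baseUrl}: scheme://host[:port] plus context path (assumption)."""
    if trust_forwarded and headers:
        # Honour these only when every request arrives through the trusted ingress.
        scheme = headers.get("X-Forwarded-Proto", scheme)
        host = headers.get("X-Forwarded-Host", host)
        port = int(headers.get("X-Forwarded-Port", port))
    default_port = {"http": 80, "https": 443}.get(scheme)
    authority = host if port == default_port else f"{host}:{port}"
    return f"{scheme}://{authority}{context_path}"


def expand(template, base, action, registration_id):
    """Fill the three placeholders of the redirect-uri template."""
    return (template.replace("{baseUrl}", base)
            .replace("{action}", action)
            .replace("{registrationId}", registration_id))


def path_allowed(redirect_uri, pattern):
    """Trailing-wildcard path check, the shape of '/camunda/login/*'."""
    path = urlsplit(redirect_uri).path
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return path == pattern


# Constructed request: TLS ends at the ingress, the pod receives plain http.
FORWARDED = {"X-Forwarded-Proto": "https", "X-Forwarded-Port": "443"}

AS_SEEN_BY_POD = expand(
    TEMPLATE, base_url("http", "domain-name.com", 80, "/camunda"), "login", "keycloak")
BEHIND_TRUSTED_PROXY = expand(
    TEMPLATE,
    base_url("http", "domain-name.com", 80, "/camunda", FORWARDED, trust_forwarded=True),
    "login", "keycloak")

if __name__ == "__main__":
    for uri in (AS_SEEN_BY_POD, BEHIND_TRUSTED_PROXY):
        print(uri, path_allowed(uri, "/camunda/login/*"))
```

Both URIs fall under `/camunda/login/*`, but only the second carries the https scheme that the browser was using; a bare `*` pattern would accept any path at all.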