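---
# Spring Boot configuration: Camunda engine with Keycloak single sign-on.
#
# NOTE(review): the nesting below was reconstructed from a copy whose line
# breaks and indentation were lost; confirm it against the deployed file.
#
# Security review summary:
#   - The Keycloak client secret was committed in clear text in two places.
#     It is now read from the environment; treat the previously committed
#     value as compromised and rotate it in Keycloak.
#   - TLS certificate validation towards Keycloak is switched off (see
#     disableSSLCertificateValidation at the end of this file).
#   - Default credentials (sa/sa, demo/demo) and the OAuth2 password grant
#     are left unchanged but flagged where they occur.

spring.datasource:
  url: jdbc:h2:./camunda-db;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
  # Default H2 account with a trivial password: acceptable only for a local,
  # file-based development database. Supply real credentials from the
  # environment or a secret store for any shared deployment.
  username: sa
  password: sa

spring:
  jersey:
    application-path: /engine-rest

camunda.bpm:
  # Well-known demo/demo administrator account. Remove it or replace the
  # password before the application is reachable by anyone but the developer.
  admin-user:
    id: demo
    password: demo
    firstName: Camunda
  history-level: audit
  authorization:
    enabled: true
  filter:
    create: All tasks
  # Left empty in the original.
  webapp.application-path:

# NOTE(review): this key and server -> servlet.context-path below appear to
# name the same property with different values (/api vs /camunda). Confirm
# which one is intended and delete the other.
server.servlet.context-path: /api

server:
  port: 7070
  servlet.context-path: /camunda

# Camunda Rest API
rest.security:
  enabled: true
  provider: keycloak
  required-audience: camunda-rest-api

# Spring Boot Security OAuth2 SSO
spring.security:
  oauth2:
    client:
      registration:
        keycloak:
          provider: keycloak
          client-id: SpringBootApp
          # Read from the environment instead of being committed. The variable
          # name is chosen here; the application will not start without it.
          client-secret: '${KEYCLOAK_CLIENT_SECRET}'
          # Resource Owner Password Credentials grant: the application handles
          # the user's Keycloak password itself. This grant is discouraged by
          # the OAuth 2.0 Security Best Current Practice and omitted from
          # OAuth 2.1; prefer authorization_code for interactive sign-in.
          authorization-grant-type: password
          # NOTE(review): plain http redirect target; presumably unused by the
          # password grant. Use https if a redirect-based grant is adopted.
          redirect-uri: http://localhost:9080/oauth2/code
          scope: openid, profile, email, camunda-rest-api
      provider:
        keycloak:
          issuer-uri: https://localhost:9443/auth/realms/SpringBootKeycloakApp
          authorization-uri: https://localhost:9443/auth/realms/SpringBootKeycloakApp/protocol/openid-connect/auth
          user-info-uri: https://localhost:9443/auth/realms/SpringBootKeycloakApp/protocol/openid-connect/userinfo
          token-uri: https://localhost:9443/auth/realms/SpringBootKeycloakApp/protocol/openid-connect/token
          jwk-set-uri: https://localhost:9443/auth/realms/SpringBootKeycloakApp/protocol/openid-connect/certs
          # set user-name-attribute one of:
          # - sub                -> default; using keycloak ID as camunda user ID
          # - email              -> useEmailAsCamundaUserId=true
          # - preferred_username -> useUsernameAsCamundaUserId=true
          user-name-attribute: preferred_username

# Camunda Keycloak Identity Provider Plugin
plugin.identity.keycloak:
  keycloakIssuerUrl: https://localhost:9443/auth/realms/SpringBootKeycloakApp
  keycloakAdminUrl: https://localhost:9443/auth/admin/realms/SpringBootKeycloakApp
  clientId: SpringBootApp
  # Same client as the OAuth2 registration above, so the same externalised
  # secret is referenced. This credential is configured next to the Keycloak
  # admin URL; keep the client's roles in Keycloak to the minimum it needs.
  clientSecret: '${KEYCLOAK_CLIENT_SECRET}'
  useEmailAsCamundaUserId: false
  useUsernameAsCamundaUserId: true
  useGroupPathAsCamundaGroupId: true
  administratorGroupName: camunda-admin
  # Certificate validation is off for the plugin's HTTPS calls to Keycloak, so
  # the server's identity is not verified and the client secret and tokens can
  # be intercepted by anything on the network path. Tolerable only against a
  # local instance with a self-signed certificate; otherwise set this to false
  # and add the Keycloak CA to the JVM trust store.
  disableSSLCertificateValidation: true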