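# Spring Boot configuration for a Camunda engine that signs users in through
# Keycloak (OAuth2 / OIDC) and resolves users and groups with the Keycloak
# identity provider plugin.
# NOTE(review): the nesting below was restored from a single collapsed line,
# which is not parseable YAML as shown; confirm it against the original file.
spring:
  jersey:
    application-path: /engine-rest

camunda.bpm:
  # Bootstrap administrator. id and password are both the sample value "test".
  # Supply real values from external configuration (environment or a secret
  # store) for anything beyond a local sandbox.
  admin-user:
    id: test
    password: test
    firstName: Camunda
  # "full" history also records variable updates; plan retention and cleanup
  # if process data is sensitive.
  history-level: full
  # Engine authorization checks stay on; the group mapping further down
  # presumably relies on them - confirm.
  authorization:
    enabled: true
  filter:
    create: All tasks
  # Empty in the source. Presumably serves the webapps from the context root
  # (compare the /app/* redirect URI below) - confirm.
  webapp.application-path:

#server.servlet.context-path: /api
server:
  port: 7070
  #servlet.context-path: /camunda

# Camunda Rest API
# REST calls are secured through the keycloak provider and must carry the
# audience named here. NOTE(review): check that the Keycloak client really
# adds "camunda-rest-api" to the token's aud claim.
rest.security:
  enabled: true
  provider: keycloak
  required-audience: camunda-rest-api

# Spring Boot Security OAuth2 SSO
spring.security:
  oauth2:
    client:
      registration:
        keycloak:
          provider: keycloak
          client-id: camunda-identity-service
          # NOTE(review): confidential client secret committed in clear text,
          # and repeated under plugin.identity.keycloak.clientSecret. If this
          # value was ever used on a shared realm, rotate it, and inject the
          # secret at deploy time instead of storing it in this file.
          client-secret: 43217f3b-9d01-4b32-b498-158d1c892a5b
          authorization-grant-type: authorization_code
          # NOTE(review): the trailing wildcard looks like a Keycloak
          # "Valid Redirect URIs" pattern rather than a callback URI. Prefer
          # one exact callback URI here and keep the Keycloak client's allowed
          # redirect list equally narrow.
          redirect-uri: http://localhost:7070/app/*
          scope: openid, profile, email, camunda-rest-api
      provider:
        keycloak:
          # Every endpoint in this section is plain http on localhost:9080,
          # so the client secret and tokens cross the wire unencrypted; that
          # is tolerable on loopback only.
          # NOTE(review): the plugin section uses https on localhost:9443.
          # Verify that issuer-uri matches the iss claim Keycloak issues.
          issuer-uri: http://localhost:9080/auth/realms/camundaspringboot
          authorization-uri: http://localhost:9080/auth/realms/camundaspringboot/protocol/openid-connect/auth
          user-info-uri: http://localhost:9080/auth/realms/camundaspringboot/protocol/openid-connect/userinfo
          token-uri: http://localhost:9080/auth/realms/camundaspringboot/protocol/openid-connect/token
          jwk-set-uri: http://localhost:9080/auth/realms/camundaspringboot/protocol/openid-connect/certs
          # user-name-attribute picks the claim that becomes the Camunda user
          # ID and must agree with the plugin flags below:
          # - sub -> default; using keycloak ID as camunda user ID
          # - email -> useEmailAsCamundaUserId=true
          # - preferred_username -> useUsernameAsCamundaUserId=true
          # (The source note also lists "authorization_code
          # client_credentials" here; those are grant types, not claims.)
          user-name-attribute: preferred_username

# Camunda Keycloak Identity Provider Plugin
plugin.identity.keycloak:
  keycloakIssuerUrl: https://localhost:9443/auth/realms/camundaspringboot
  keycloakAdminUrl: https://localhost:9443/auth/admin/realms/camundaspringboot
  clientId: camunda-identity-service
  # NOTE(review): same clear-text secret as the OAuth2 registration above.
  # This client reaches the realm admin URL, so give its service account only
  # the read access the plugin needs.
  clientSecret: 43217f3b-9d01-4b32-b498-158d1c892a5b
  # Agrees with user-name-attribute: preferred_username above.
  useUsernameAsCamundaUserId: true
  useGroupPathAsCamundaGroupId: true
  # Presumably members of this Keycloak group become Camunda administrators;
  # treat membership of it as a privileged grant and review it in Keycloak.
  administratorGroupName: camunda-admin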