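---
# Spring Boot configuration for a Camunda engine that authenticates users
# through Keycloak (OAuth2 / OpenID Connect SSO) and reads users and groups
# via the Keycloak identity provider plugin.

camunda.bpm:
  metrics.enabled: false
  history-level: auto
  # Keep authorization checks on: without them every authenticated user can
  # reach every engine resource.
  authorization:
    enabled: true

# Embedded, file-based H2 database with no credentials configured in this
# file. Fine for a local demo; for a shared deployment, point this at a
# database with its own credentials supplied from the environment.
spring.datasource.url: 'jdbc:h2:file:./camunda-h2-database'

server:
  port: 8080

# The default is plain HTTP on localhost. The authorization code exchange,
# the client secret and the issued tokens all travel over this base URL, so
# set KEYCLOAK_URL_CLIENT to an https:// address outside local development.
keycloak.url.client: '${KEYCLOAK_URL_CLIENT:http://localhost:9000}'
keycloak.realm: camunda
keycloak.client: camunda-identity-service
# No default on purpose: the secret stays out of version control, and the
# placeholder cannot be resolved if KEYCLOAK_SECRET_KEY is not set.
keycloak.secret: '${KEYCLOAK_SECRET_KEY}'

# Spring Boot Security OAuth2 SSO
spring.security.oauth2:
  client:
    registration:
      keycloak:
        provider: keycloak
        client-id: '${keycloak.client}'
        client-secret: '${keycloak.secret}'
        authorization-grant-type: authorization_code
        # Keycloak must list this exact redirect URI as valid for the client;
        # avoid wildcard redirect URIs on the Keycloak side.
        redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
        scope: openid, profile, email
    provider:
      keycloak:
        issuer-uri: '${keycloak.url.client}/auth/realms/${keycloak.realm}'
        authorization-uri: '${keycloak.url.client}/auth/realms/${keycloak.realm}/protocol/openid-connect/auth'
        user-info-uri: '${keycloak.url.client}/auth/realms/${keycloak.realm}/protocol/openid-connect/userinfo'
        token-uri: '${keycloak.url.client}/auth/realms/${keycloak.realm}/protocol/openid-connect/token'
        jwk-set-uri: '${keycloak.url.client}/auth/realms/${keycloak.realm}/protocol/openid-connect/certs'
        # set user-name-attribute one of:
        #  - sub                -> default; using keycloak ID as camunda user ID
        #  - email              -> useEmailAsCamundaUserId=true
        #  - preferred_username -> useUsernameAsCamundaUserId=true
        # This value must agree with the plugin flags below, otherwise the ID
        # produced at login will not match the ID the plugin looks up.
        # Camunda authorizations are bound to the resulting user ID, so it has
        # to be unique and stable: with preferred_username (or email), check
        # that the realm does not let users change that attribute themselves.
        user-name-attribute: preferred_username

plugin.identity.keycloak:
  keycloakIssuerUrl: '${keycloak.url.client}/auth/realms/${keycloak.realm}'
  keycloakAdminUrl: '${keycloak.url.client}/auth/admin/realms/${keycloak.realm}'
  # The plugin uses the same client credentials against the admin URL above.
  # NOTE(review): confirm the client's service account holds only the
  # read/query roles the plugin needs, not full realm administration.
  clientId: '${keycloak.client}'
  clientSecret: '${keycloak.secret}'
  useEmailAsCamundaUserId: false
  useUsernameAsCamundaUserId: true
  useGroupPathAsCamundaGroupId: true
  # Membership in this Keycloak group confers Camunda administrator rights;
  # restrict who can manage the group and review its membership regularly.
  administratorGroupName: camunda-admin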