pm.extension.examples.camunda-bpm-identity-keycloak-examples-sso-kubernetes.2.2.1.source-code.application.yaml Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of camunda-bpm-identity-keycloak-examples-sso-kubernetes Show documentation
Show all versions of camunda-bpm-identity-keycloak-examples-sso-kubernetes Show documentation
Showcase for using Camunda Keycloak Identity Provider
spring.datasource:
url: ${JDBC_URL:jdbc:h2:./camunda-db;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE}
username: ${JDBC_USER:sa}
password: ${JDBC_PASSWORD:sa}
#spring.h2.console.enabled: true
spring:
jersey:
application-path: /engine-rest
camunda.bpm:
history-level: audit
authorization:
enabled: true
filter:
create: All tasks
webapp.application-path:
server:
port: 8080
servlet.context-path: /camunda
# Metrics & Health
management:
health.probes.enabled: true
endpoints:
web.exposure.include: env,health,info,metrics
# Externalized Keycloak configuration
keycloak:
# SSO Authentication requests. Send by application as redirect to the browser
url.auth: ${KEYCLOAK_URL_AUTH:http://localhost:9000}
# SSO Token requests. Send from the application to Keycloak
url.token: ${KEYCLOAK_URL_TOKEN:http://localhost:9000}
# Keycloak access for the Identity Provider plugin.
url.plugin: ${KEYCLOAK_URL_PLUGIN:https://localhost:9001}
# Keycloak Camunda Identity Client
client.id: ${KEYCLOAK_CLIENT_ID:camunda-identity-service}
client.secret: ${KEYCLOAK_CLIENT_SECRET:cbee1434-7e4d-4d85-bab6-5944b427a3c0}
# Spring Boot Security OAuth2 SSO
spring.security:
oauth2:
client:
registration:
keycloak:
provider: keycloak
client-id: ${keycloak.client.id}
client-secret: ${keycloak.client.secret}
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
scope: openid, profile, email
provider:
keycloak:
issuer-uri: ${keycloak.url.auth}/auth/realms/camunda
authorization-uri: ${keycloak.url.auth}/auth/realms/camunda/protocol/openid-connect/auth
user-info-uri: ${keycloak.url.auth}/auth/realms/camunda/protocol/openid-connect/userinfo
token-uri: ${keycloak.url.token}/auth/realms/camunda/protocol/openid-connect/token
jwk-set-uri: ${keycloak.url.token}/auth/realms/camunda/protocol/openid-connect/certs
# set user-name-attribute one of:
# - sub -> default; using keycloak ID as camunda user ID
# - email -> useEmailAsCamundaUserId=true
# - preferred_username -> useUsernameAsCamundaUserId=true
user-name-attribute: preferred_username
logging.level.org.springframework.security: DEBUG
# Camunda Rest API
rest.security:
enabled: true
provider: keycloak
required-audience: camunda-rest-api
# Camunda Keycloak Identity Provider Plugin
plugin.identity.keycloak:
keycloakIssuerUrl: ${keycloak.url.plugin}/auth/realms/camunda
keycloakAdminUrl: ${keycloak.url.plugin}/auth/admin/realms/camunda
clientId: ${keycloak.client.id}
clientSecret: ${keycloak.client.secret}
useEmailAsCamundaUserId: false
useUsernameAsCamundaUserId: true
useGroupPathAsCamundaGroupId: true
administratorGroupName: camunda-admin
disableSSLCertificateValidation: true
© 2015 - 2024 Weber Informatics LLC | Privacy Policy