All Downloads are FREE. Search and download functionalities are using the official Maven repository.

pm.extension.examples.camunda-bpm-identity-keycloak-examples-sso-kubernetes.2.2.1.source-code.application.yaml Maven / Gradle / Ivy

There is a newer version: 2.2.3
Show newest version
spring.datasource:
  url: ${JDBC_URL:jdbc:h2:./camunda-db;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE}
  username: ${JDBC_USER:sa}
  password: ${JDBC_PASSWORD:sa}
#spring.h2.console.enabled: true

spring:
  jersey:
    application-path: /engine-rest

camunda.bpm:
  history-level: audit
  authorization:
    enabled: true
  filter:
    create: All tasks
  webapp.application-path:

server:
  port: 8080
  servlet.context-path: /camunda

# Metrics & Health
management:
  health.probes.enabled: true
  endpoints:
    web.exposure.include: env,health,info,metrics


# Externalized Keycloak configuration
keycloak:
  # SSO Authentication requests. Send by application as redirect to the browser
  url.auth: ${KEYCLOAK_URL_AUTH:http://localhost:9000}
  # SSO Token requests. Send from the application to Keycloak
  url.token: ${KEYCLOAK_URL_TOKEN:http://localhost:9000}
  # Keycloak access for the Identity Provider plugin.
  url.plugin: ${KEYCLOAK_URL_PLUGIN:https://localhost:9001}

  # Keycloak Camunda Identity Client
  client.id: ${KEYCLOAK_CLIENT_ID:camunda-identity-service}
  client.secret: ${KEYCLOAK_CLIENT_SECRET:cbee1434-7e4d-4d85-bab6-5944b427a3c0}

# Spring Boot Security OAuth2 SSO
spring.security:
  oauth2:
    client:
      registration:
        keycloak:
          provider: keycloak
          client-id: ${keycloak.client.id}
          client-secret: ${keycloak.client.secret}
          authorization-grant-type: authorization_code
          redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
          scope: openid, profile, email
      provider:
        keycloak:
          issuer-uri: ${keycloak.url.auth}/auth/realms/camunda
          authorization-uri: ${keycloak.url.auth}/auth/realms/camunda/protocol/openid-connect/auth
          user-info-uri: ${keycloak.url.auth}/auth/realms/camunda/protocol/openid-connect/userinfo
          token-uri: ${keycloak.url.token}/auth/realms/camunda/protocol/openid-connect/token
          jwk-set-uri: ${keycloak.url.token}/auth/realms/camunda/protocol/openid-connect/certs
          # set user-name-attribute one of: 
          # - sub                -> default; using keycloak ID as camunda user ID
          # - email              -> useEmailAsCamundaUserId=true
          # - preferred_username -> useUsernameAsCamundaUserId=true
          user-name-attribute: preferred_username

logging.level.org.springframework.security: DEBUG

# Camunda Rest API
rest.security:
  enabled: true
  provider: keycloak
  required-audience: camunda-rest-api

# Camunda Keycloak Identity Provider Plugin
plugin.identity.keycloak:
  keycloakIssuerUrl: ${keycloak.url.plugin}/auth/realms/camunda
  keycloakAdminUrl: ${keycloak.url.plugin}/auth/admin/realms/camunda
  clientId: ${keycloak.client.id}
  clientSecret: ${keycloak.client.secret}
  useEmailAsCamundaUserId: false
  useUsernameAsCamundaUserId: true
  useGroupPathAsCamundaGroupId: true
  administratorGroupName: camunda-admin
  disableSSLCertificateValidation: true




© 2015 - 2024 Weber Informatics LLC | Privacy Policy