Comments (13)
Hi @MaxiRage,
looks like something is missing on your side... The SSO Kubernetes Sample is intended to show how everything works together, especially combining SSO (which uses Keycloak for login and not the original Camunda Form) with the Keycloak Identity Provider under the hood. SSO is based purely on Spring Boot Security and the corresponding configuration and components.
from camunda-platform-7-keycloak.
@VonDerBeck, thanks
from camunda-platform-7-keycloak.
@VonDerBeck, Hi
I managed to set up single sign-on.
Your answer gave me motivation to search for inaccuracies.
Now there is another error related, as I understand it, to security and sending the POST method to tasklist or logout.
Could you help?
from camunda-platform-7-keycloak.
I fixed it.
And one more question.
When I log out, I am redirected to the Camunda login page, while if I go to the login page again (for example, localhost:8080/camunda), the session resumes without authorization. Is that right?
from camunda-platform-7-keycloak.
Logout is a complex topic here. Have you read through the section "Logout from Cockpit" in the SSO example? And checked the corresponding code parts?
There is
- a JavaScript plugin part in the Camunda applications replacing the original logout triggering the logout handler
- the logout handler itself triggering logout from Keycloak
- so that after logout you will finally be redirected back to the Camunda application
- which obviously requires login so you end up at the login page of Keycloak again
Does that help?
from camunda-platform-7-keycloak.
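The logout chain described above, sketched as an added example (not code from camunda-platform-7-keycloak or its SSO sample). It uses Spring Security's built-in `OidcClientInitiatedLogoutSuccessHandler` as a stand-in for the sample's own logout handler. The class name, the `/app/**/logout` matcher and the `{baseUrl}/camunda/` return address are assumptions, and the handler only finds Keycloak's end-session endpoint when the client registration is configured through issuer discovery.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Hypothetical configuration class for illustration only.
@Configuration
public class SsoLogoutExampleConfig {

    @Bean
    SecurityFilterChain ssoFilterChain(HttpSecurity http,
                                       ClientRegistrationRepository clients) throws Exception {
        // Ends the session at the identity provider, not just locally:
        // redirects the browser to the provider's end-session endpoint
        // and passes the ID token of the current login as id_token_hint.
        OidcClientInitiatedLogoutSuccessHandler oidcLogout =
                new OidcClientInitiatedLogoutSuccessHandler(clients);
        // Assumed return address; it has to be registered as a valid
        // post-logout redirect URI on the Keycloak client.
        oidcLogout.setPostLogoutRedirectUri("{baseUrl}/camunda/");

        http
            .authorizeRequests(a -> a.anyRequest().authenticated())
            .oauth2Login(o -> o.defaultSuccessUrl("/app/welcome/", true))
            .logout(l -> l
                // Assumed path of the logout request sent by the webapps.
                .logoutRequestMatcher(new AntPathRequestMatcher("/app/**/logout"))
                .invalidateHttpSession(true)   // drop the local HTTP session
                .clearAuthentication(true)
                .logoutSuccessHandler(oidcLogout));
        return http.build();
    }
}
```

If only the local session is invalidated and the provider session stays alive, the next request to a protected URL is silently re-authenticated by Keycloak and the user appears to be logged in again without entering credentials.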
@VonDerBeck, thank you for the answer!
Is it possible to redirect the start page after logging in? Now I am redirected to "tasklist", but if the user does not have rights to it, then I get error 403. I would like to go to the "welcome" (my profile) page.
from camunda-platform-7-keycloak.
The solution turned out to be simple:
```java
[...]
.oauth2Login()
.defaultSuccessUrl("/app/welcome/", true)
[...]
```
from camunda-platform-7-keycloak.
But such a solution is not complete, only after a successful login.
If I go to ".../camunda" again, then I will be redirected to ".../app/tasklist", where I will get 403 if I am not in the right group.
Is it possible to change the default ".../app/tasklist" to ".../app/welcome" ?
from camunda-platform-7-keycloak.
Maybe someone will need it.
OK, I added
in src/main/resources/META-INF/resources/index.html
and disabled index.html by default:
camunda.bpm.webapp.index-redirect-enabled: false
I will be glad if you tell me an alternative solution.
Thanks.
from camunda-platform-7-keycloak.
This all sounds weird - even if it somehow works. Can you tell me which Camunda version and which Spring Boot version you use? Which Keycloak version do you use? What does your "Valid Redirect URI" and "Valid post logout URI" configuration look like?
from camunda-platform-7-keycloak.
Camunda 7.18
Spring Boot 2.7.5
Keycloak 21.0.0
from camunda-platform-7-keycloak.
I'm struggling to set up SSO as well, not sure if I made any mistakes when I followed the main tutorial in README.md.
One issue in my case was that I wanted to use the email address of users in Camunda, but setting the `useEmailAsCamundaUserId` prevents SSO.
Another possible issue was that I first used the `KeycloakAuthenticationProvider` code as provided, but the path is hardcoded there for the showcase example.
Even after fixing these I still don't get redirected to Keycloak.
I'm on Camunda 7.18.0, Spring Boot 2.6.14 and Keycloak 18.0.0
from camunda-platform-7-keycloak.
Closing this as not reproducible.
from camunda-platform-7-keycloak.