Only the camunda login form is displayed about camunda-platform-7-keycloak HOT 13 CLOSED

Hi @MaxiRage,

looks like something is missing on your side... The SSO Kubernetes Sample is intended to show how all works together, especially combining SSO (which uses Keycloak for login and not the original Camunda Form) with the Keycloak Identity Provider under the hood. SSO is based purely on Spring Boot Security and the corresponding configuration and components.

from camunda-platform-7-keycloak.

@VonDerBeck, thanks

from camunda-platform-7-keycloak.

@VonDerBeck, Hi
I managed to set up single sign-on.
Your answer gave me motivation to search for inaccuracies.
Now there is another error related, as I understand it, to security and sending the POST method to tasklist or logout.
Could you help?

from camunda-platform-7-keycloak.

I fixed it.

And one more question.
When logout, I will be redirected to the camunda login page, while if I go to the login page again (for example, localhost:8080/camunda), the session resumes without authorization. Is that right?

from camunda-platform-7-keycloak.

@MaxiRage,

logout is a complex topic here. Have you read through the section "Logout from Cockpit" in the SSO example? And checked the corresponding code parts?

There is

• a Javascript plugin part in the Camunda applications replacing the original logout triggering the logout handler
• the logout handler itself triggering logout from Keycloak
• so that after logout you will finally be redirected back to the Camunda application
• which obviously requires login so you end up at the login page of Keycloak again

Does that help?

from camunda-platform-7-keycloak.

@VonDerBeck, thank you for the answer!

Is it possible to redirect the start page after logging in? Now I am redirected to "tasklist" but if the user does not have rights to it, then error 403, I would like to go to the "welcome" (my profile) page.

from camunda-platform-7-keycloak.

The solution turned out to be simple:
[...]
.oauth2Login()
.defaultSuccessUrl("/app/welcome/", true)
[...]

from camunda-platform-7-keycloak.

But such a solution is not complete, only after a successful login.
If I go to ".../camunda" again, then I will be redirected to ".../app/tasklist", where I will get 403 if I am not in the right group.
Is it possible to change the default ".../app/tasklist" to ".../app/welcome" ?

from camunda-platform-7-keycloak.

Maybe someone will need it.
OK, I added

in src/main/resources/META-INF/resources/index.html

and disabled index.html by default:
camunda,bpm.webapp.index-redirect-enabled: false

I will be glad if you tell me an alternative solution.
Thanks.

from camunda-platform-7-keycloak.

@MaxiRage,

this all sounds weird - even if it somehow works. Can you tell me which Camunda Version and which Spring Boot version you use? Which Keycloak version do you use? What does your "Valid Redirect URI" and "Valid post logout URI" configuration look like?

from camunda-platform-7-keycloak.

@VonDerBeck,

Camunda 7.18
Spring Boot 2.7.5
KeyCloak 21.0.0

from camunda-platform-7-keycloak.

I'm struggling to set up SSO as well, not sure if I made any mistakes when I followed the main tutorial in README.md.
One issue in my case was that I wanted to use the email address of users in Camunda, but setting the useEmailAsCamundaUserId prevents SSO.
Another possible issue was that I first used the KeycloakAuthenticationProvider code as provided, but the path is hardcoded there for the showcase example.
Even after fixing these I still don't get redirected to Keycloak.
I'm on Camunda 7.18.0, Spring Boot 2.6.14 and Keycloak 18.0.0

from camunda-platform-7-keycloak.

Closing this as not reproducible.

from camunda-platform-7-keycloak.