I am trying out the OAuth2 support that Camunda offers out of the box for implementing OAuth2-based authentication. I am able to successfully configure it with Okta by adding the configuration below.
<dependency>
    <groupId>org.camunda.bpm.springboot</groupId>
    <artifactId>camunda-bpm-spring-boot-starter-security</artifactId>
</dependency>
Reference: Spring Security OAuth2 Integration | docs.camunda.org
My issue: I was reading about the limitation that it is a read-only identity provider, which has left me confused about how to achieve the following:
- How to create multiple Camunda groups so that Camunda authorization can be used to populate the web apps based on user roles only.
- How to create service account users for the /engine-rest endpoint.
It looks like I have to disable OAuth2, use a local Camunda user to populate all the required users and groups, and then enable OAuth2 again?
Another option I see is to disable the existing identity provider and implement my own custom identity provider.