Camunda Identity Link Implementation

Scorpion · November 17, 2016, 7:03am

Hi ,

How it possible to provide new Identity link apart from LDAP servers in camunda. I want to create a new identity link which will retrieve user and roles from an external database . I want camunda to authenticate and authorize this identities.

Thanks
John

thorben · November 17, 2016, 8:16am

Hi John,

Please do only post your question once on the public forum. Sending private messages to other users won’t speed up the process.

Thanks,
Thorben

thorben · November 17, 2016, 4:16pm

Hi John,

Now I have some time to provide an actual answer. For a custom identity access implementation, you have to implement the interface org.camunda.bpm.engine.impl.identity.ReadOnlyIdentityProvider. You’ll have to register your implementation with the process engine via an implementation of org.camunda.bpm.engine.impl.interceptor.SessionFactory. The registration can for example be done in a process engine plugin.

I suggest you have a look at the sources of the LDAP plugin to get started.

ReadOnlyIdentityProvider implementation: https://github.com/camunda/camunda-bpm-platform/blob/master/engine-plugins/identity-ldap/src/main/java/org/camunda/bpm/identity/impl/ldap/LdapIdentityProviderSession.java
SessionFactory implementation: https://github.com/camunda/camunda-bpm-platform/blob/master/engine-plugins/identity-ldap/src/main/java/org/camunda/bpm/identity/impl/ldap/LdapIdentityProviderFactory.java
Process engine plugin: https://github.com/camunda/camunda-bpm-platform/blob/master/engine-plugins/identity-ldap/src/main/java/org/camunda/bpm/identity/impl/ldap/plugin/LdapIdentityProviderPlugin.java

Cheers,
Thorben

Scorpion · November 17, 2016, 5:35pm

@thorben thanx for the reply… I have analysed camunda source code , based on an initial analysis i have planned to rewrite DBenity manager class to read tomcat datasource and from there to query my user database. Is it a right way to implement ?

Can you please provide the information regarding how camunda reads the datasource and uses its in Mybatis… ?

What is the role of bpm-patform.xml file ?

thorben · November 29, 2016, 5:02pm

Hi @Scorpion,

I don’t think you need to rewrite DbEntityManager. A plain JDBC connection or probably custom MyBatis mappings should do. Unfortunately, I don’t have ready-made documentation on the aspects you ask and I haven’t got the time to compile it. I suggest you debug the unit and integration tests we have to gain an understanding how Camunda works internally. Also make yourself familiar with Mybatis, if you haven’t done this yet.

Cheers,
Thorben