Camunda Identity Link Implementation

Hi,

How is it possible to provide a new identity link apart from LDAP servers in Camunda? I want to create a new identity link which will retrieve users and roles from an external database. I want Camunda to authenticate and authorize these identities.

Thanks
John

Hi John,

Please do only post your question once on the public forum. Sending private messages to other users won’t speed up the process.

Thanks,
Thorben

Hi John,

Now I have some time to provide an actual answer. For a custom identity access implementation, you have to implement the interface org.camunda.bpm.engine.impl.identity.ReadOnlyIdentityProvider. You’ll have to register your implementation with the process engine via an implementation of org.camunda.bpm.engine.impl.interceptor.SessionFactory. The registration can for example be done in a process engine plugin.

I suggest you have a look at the sources of the LDAP plugin to get started.

ReadOnlyIdentityProvider implementation: https://github.com/camunda/camunda-bpm-platform/blob/master/engine-plugins/identity-ldap/src/main/java/org/camunda/bpm/identity/impl/ldap/LdapIdentityProviderSession.java
SessionFactory implementation: https://github.com/camunda/camunda-bpm-platform/blob/master/engine-plugins/identity-ldap/src/main/java/org/camunda/bpm/identity/impl/ldap/LdapIdentityProviderFactory.java
Process engine plugin: https://github.com/camunda/camunda-bpm-platform/blob/master/engine-plugins/identity-ldap/src/main/java/org/camunda/bpm/identity/impl/ldap/plugin/LdapIdentityProviderPlugin.java

Cheers,
Thorben
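A sketch of the registration described in the answer above, added here as an example; it is not code from the original post or from the Camunda project. The class names `DbIdentityProviderPlugin` and `ExternalDbPasswordCheck`, the `app_users` table and its PBKDF2 hash columns are assumptions, and the concrete `ReadOnlyIdentityProvider` (user and group queries, with `checkPassword` delegating to the check below) is supplied by the caller.

```java
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.function.Supplier;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.sql.DataSource;
import org.camunda.bpm.engine.impl.cfg.AbstractProcessEnginePlugin;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.impl.identity.ReadOnlyIdentityProvider;
import org.camunda.bpm.engine.impl.interceptor.Session;
import org.camunda.bpm.engine.impl.interceptor.SessionFactory;

// Hypothetical plugin: registers a SessionFactory for the custom provider before engine init.
public class DbIdentityProviderPlugin extends AbstractProcessEnginePlugin {
  private final Supplier<? extends ReadOnlyIdentityProvider> sessions;
  public DbIdentityProviderPlugin(Supplier<? extends ReadOnlyIdentityProvider> s) { sessions = s; }

  @Override
  public void preInit(ProcessEngineConfigurationImpl config) {
    config.setIdentityProviderSessionFactory(new SessionFactory() {
      @Override public Class<?> getSessionType() { return ReadOnlyIdentityProvider.class; }
      @Override public Session openSession() { return sessions.get(); } // one provider per command
    });
  }
}

// Hypothetical helper that the provider's checkPassword(userId, password) can delegate to.
class ExternalDbPasswordCheck {
  private final DataSource ds;
  ExternalDbPasswordCheck(DataSource ds) { this.ds = ds; }

  boolean check(String userId, String password) {
    if (userId == null || password == null || password.isEmpty()) return false;
    // Assumed schema: app_users(id, salt, iterations, pw_hash), PBKDF2-HMAC-SHA256 hashes.
    String sql = "SELECT salt, iterations, pw_hash FROM app_users WHERE id = ?";
    try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
      ps.setString(1, userId); // bound parameter, never string concatenation
      try (ResultSet rs = ps.executeQuery()) {
        if (!rs.next()) return false;
        byte[] expected = rs.getBytes("pw_hash");
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), rs.getBytes("salt"),
            rs.getInt("iterations"), expected.length * 8);
        byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(spec).getEncoded();
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
      }
    } catch (Exception e) {
      return false; // fail closed: a lookup or crypto error never authenticates
    }
  }
}
```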

@thorben thanks for the reply… I have analysed the Camunda source code. Based on an initial analysis, I have planned to rewrite the DbEntityManager class to read the Tomcat datasource and from there to query my user database. Is this the right way to implement it?

Can you please provide information on how Camunda reads the datasource and uses it in MyBatis…?

What is the role of the bpm-platform.xml file?

Hi @Scorpion,

I don’t think you need to rewrite DbEntityManager. A plain JDBC connection or probably custom MyBatis mappings should do. Unfortunately, I don’t have ready-made documentation on the aspects you ask about and I haven’t got the time to compile it. I suggest you debug the unit and integration tests we have to gain an understanding of how Camunda works internally. Also make yourself familiar with MyBatis, if you haven’t done this yet.

Cheers,
Thorben