Camunda Keycloak Identity Provider Plugin

Hi @Tristan_MARIE I would like to have your code. Pls mail on

Hi, sorry for the late answer @VonDerBeck,

Made a few tweaks so “disableSSLCertificateValidation: true” works (it wasn’t on my computer), and some other changes linked to “useEmailAsCamundaUserId: true”, which wasn’t working otherwise.
Note that you can’t make it work with username with my changes.

Because of these changes, you should not modify any application properties but these:


Here is the project on GitHub @Tanmay_Naik @VonDerBeck :


Hi @Tristan_MARIE I can’t see your project in the given url

I updated it, had forgotten to add files!

Hi @Tristan_MARIE I can’t see the implementation of REST API in camunda keycloak showcase project

You don’t have to implement anything, you just use it as you would do normally.

Just the base url is a bit different, but you should be able to reach it from:

http://yourhost:port/api/engine/engine/default/the endpoint

Notice the ‘engine/engine’; it is not a typo!

You just have to include your Authorization bearer token in your headers.
You also need the proper Camunda’s Authorizations (configurable in the cockpit).

Hi @Tristan_MARIE I have put the access token as a bearer token in headers.

But no response 404

Hi, try GET http://localhost:8080/api/engine/engine/default/user, you can’t post on this endpoint.
I also missed the api/ part in my previous answer, sorry.
For your postman, just a little tip, you can put your token in the Authorization part as such:

For instance, my {{token}} variable is an environment var which is initialized thanks to a test script when I request my token:

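var jsonData = pm.response.json();
// Legacy-style check that the token response contains an access token
tests["access token exists " + jsonData.access_token] = jsonData.access_token !== undefined;
// Store the token so later requests can reference it as {{token}}
pm.globals.set("token", jsonData.access_token);
pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});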

Hi @Tristan_MARIE tried this too, same, not working

@Tristan_MARIE Any configuration done in admin panel of the camunda?

Hi, is your keycloak user in the camunda’s admin group?
The name of this admin group is configured by administratorGroupName in your
Another way to give the permission is to add your user/group id in the ‘User Authorizations’ tab, as such:

Hi @Tristan_MARIE

Still the same


Still the same 404

In your keycloak, did you make your user a member of ‘camunda-admin’?
My configuration looks like this:

g-demande-bpm-admin being the camunda admin group

Hi @Tristan_MARIE

Yes, I have

This is really weird, this is the response I get when I try to reach a non-existing endpoint:

{
    "timestamp": "2019-07-17T12:51:10.444+0000",
    "status": 404,
    "error": "Not Found",
    "message": "Not Found",
    "path": "/api/engine/engine/default/uer/"
}

You aren’t getting something like that, but an HTML page instead.
Try going on this URL: http://localhost:8080/app/admin/default/#/users?searchQuery=[] with dev tools enabled, so you can see the requests camunda is making.
As an example, I’m getting this:

Maybe you somehow have another base url
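
The distinction drawn in the post above (a JSON 404 from the application versus an HTML 404 from something else), together with the bearer-token header from the earlier Postman tip, as an added example that is not code from the thread or from the plugin project. The `diagnose` function, the request/response object shapes, the finding names, the sample token and the second sample URL are assumptions made for this sketch.

```javascript
// Added example (not from the thread): triage a failed call to the engine REST API.
// The request/response object shapes below are assumptions made for this sketch.
const BASE_PATH = "/api/engine/engine/default/"; // base path quoted in the thread

function diagnose(request, response) {
  const findings = [];
  const path = new URL(request.url).pathname;
  if (!path.startsWith(BASE_PATH)) findings.push("path-outside-rest-base");

  // The thread passes the access token as "Authorization: Bearer <token>".
  const auth = request.headers.Authorization || "";
  if (!/^Bearer \S+$/.test(auth)) findings.push("no-bearer-token");
  else if (auth.includes("{{")) findings.push("unresolved-postman-variable");

  if (response.status !== 404) return findings;

  // A 404 produced by the application is a JSON error object carrying the path;
  // an HTML 404 means something else answered, e.g. a different base URL.
  const type = (response.contentType || "").toLowerCase();
  let error = null;
  if (type.includes("json")) {
    try { error = JSON.parse(response.body); } catch (e) { error = null; }
  }
  if (error && error.status === 404 && typeof error.path === "string") {
    findings.push("json-404-endpoint-unknown");
  } else if (type.includes("html") || /^\s*</.test(response.body || "")) {
    findings.push("html-404-check-base-url");
  } else {
    findings.push("404-unrecognized-body");
  }
  return findings;
}

// Constructed samples: the JSON error body is the one quoted in the thread.
const token = "constructed.sample.token";
const typoCall = diagnose(
  { url: "http://localhost:8080/api/engine/engine/default/uer/",
    headers: { Authorization: "Bearer " + token } },
  { status: 404, contentType: "application/json",
    body: JSON.stringify({ timestamp: "2019-07-17T12:51:10.444+0000", status: 404,
      error: "Not Found", message: "Not Found",
      path: "/api/engine/engine/default/uer/" }) });
const htmlCall = diagnose(
  { url: "http://localhost:8080/engine/default/user",
    headers: { Authorization: "Bearer {{token}}" } },
  { status: 404, contentType: "text/html", body: "<html><body>Not Found</body></html>" });
console.log(typoCall, htmlCall);
```
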

Hi @Tristan_MARIE
tried but no progress

Tried with http://localhost:8080/app/admin/default/#/users?searchQuery=[]

Looks like your second tab is the one I wanted you to go in, refresh it with dev tools


tried this too