Hi Rob,
I deploy my application in WildFly 20 and I do not use Spring Boot.
I implemented the LDAP plugin successfully. I got all users of our LDAP system and was able to log in with my LDAP account. The problem is, in our company I am not allowed to manage users and groups in our LDAP system. I only have read access for users. The groups the users are in are not the groups that I need for Camunda. So for example if I use the LDAP plugin I cannot have admin access to Camunda. (The whole problem is described here: LDAP Plugin - Bind failed: Attempt to lookup non-existant entry)
So I thought about a ReadOnlyIdentityProvider which does the following things:
- connect to LDAP programmatically and check if user and password exist
- connect to another software via REST and get roles, rights and groups.
- Then programmatically create the user in Camunda like here: camunda-bpm-platform/DemoDataGenerator.java at master · camunda/camunda-bpm-platform · GitHub
- log in to Camunda
Is that possible?
How can I implement the custom identity provider?
- implement ReadOnlyIdentityProvider interface
- register the class somewhere? → How does the tasklist know that the login site should use my custom provider?
Thanks a lot,
Nicole
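
As an added example that is not part of the original post or Camunda's own code: one way to do the first step listed above, checking a user ID and password against LDAP with a simple bind through JNDI. The class name, server URL and DN pattern are assumptions; the method has the same shape as `checkPassword(String userId, String password)` on the `ReadOnlyIdentityProvider` interface mentioned in the post.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

/** Hypothetical helper: verifies credentials by binding to LDAP as the user. */
public class LdapBindCheck {
    private final String url;           // assumed, e.g. ldaps://ldap.example.invalid:636
    private final String userDnPattern; // assumed, e.g. uid=%s,ou=people,dc=example,dc=invalid

    public LdapBindCheck(String url, String userDnPattern) {
        this.url = url;
        this.userDnPattern = userDnPattern;
    }

    public boolean checkPassword(String userId, String password) throws NamingException {
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513) and some servers accept it, so reject it before any network call.
        if (userId == null || userId.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // Escape the user ID so characters such as ',' or '+' cannot alter the DN.
        String dn = String.format(userDnPattern, Rdn.escapeValue(userId));

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        try {
            new InitialDirContext(env).close(); // bind succeeded: credentials are valid
            return true;
        } catch (AuthenticationException e) {
            return false;                       // bind rejected by the server
        }
    }

    public static void main(String[] args) throws NamingException {
        LdapBindCheck check = new LdapBindCheck(
            "ldaps://ldap.example.invalid:636", "uid=%s,ou=people,dc=example,dc=invalid");
        // Constructed input: rejected locally, no connection is attempted.
        System.out.println(check.checkPassword("nicole", ""));
    }
}
```

Connection and other directory errors propagate as `NamingException` rather than being treated as a failed login, so an unreachable server is not silently reported as a wrong password.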