Hello all,
We are using camunda-bpm-spring-boot-starter and have managed to configure SSO via an external identity provider (IdP). When starting the server, Camunda requires us to create a user for its camunda-admin group (or expects to find it in our IdP), which, after some digging, we found was coming from the “SetupResource” feature. Can this be overridden in our Spring Boot application? Can we somehow configure one of our own groups from our IdP to override this?
Could we use the AdministratorAuthorizationPlugin shipped with the LdapIdentityProviderPlugin to tell Camunda which user or group of the external IdP would be treated as an admin by default?
If yes, how could we use/enable this authorization plugin in our application?
Is there any configuration to be made in our Spring Boot application to activate this plugin?
Any help would be much appreciated!
Thanks.
Hi @Ashutosh,
I am not a Spring Boot expert, but you can use the AdministratorAuthorizationPlugin to set the admin user. This can be done as follows:

    <plugin>
      <class>org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin</class>
      <properties>
        <property name="administratorUserName">admin</property>
      </properties>
    </plugin>

Does it help you?
Cheers,
Roman
Hi @roman.smirnov,
Thanks for your reply. We saw this plugin activation in the LDAP configuration page.
We were just wondering how this could be implemented in a Spring Boot app, though.
Thanks!
For Spring Boot, put this into a configuration class (a class annotated with ‘@Configuration’):

    @Bean
    public ProcessEnginePlugin administratorAuthorizationPlugin() {
        AdministratorAuthorizationPlugin administratorAuthorizationPlugin = new AdministratorAuthorizationPlugin();
        // User and/or group (as known to the IdP) that the engine should treat as administrator
        administratorAuthorizationPlugin.setAdministratorUserName("yourAdminUsername");
        administratorAuthorizationPlugin.setAdministratorGroupName("yourAdminGroupName");
        return administratorAuthorizationPlugin;
    }

After starting the application, check the contents of your ACT_RU_AUTHORIZATION table; it will create some entries there!
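
An added example, not part of any post above and not Camunda's own code: the same plugin bean with the admin group read from configuration, plus a startup check that queries the engine's AuthorizationService instead of inspecting ACT_RU_AUTHORIZATION by hand. The class name and the property key `app.camunda.admin-group` are hypothetical, and the check assumes that authorization is enabled in the engine configuration and that the plugin writes one wildcard grant per built-in resource type for the configured group.

```java
import java.util.ArrayList;
import java.util.List;

import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.impl.cfg.ProcessEnginePlugin;
import org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.ApplicationRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class AdminAuthorizationConfig { // hypothetical class name

    // Hypothetical property key: the IdP group whose members become engine administrators.
    @Value("${app.camunda.admin-group}")
    private String adminGroup;

    @Bean
    public ProcessEnginePlugin administratorAuthorizationPlugin() {
        AdministratorAuthorizationPlugin plugin = new AdministratorAuthorizationPlugin();
        plugin.setAdministratorGroupName(adminGroup);
        return plugin;
    }

    // Runs once the context (and the engine) is up; fails fast if the grants are incomplete,
    // e.g. because authorization is disabled or the group name is empty.
    @Bean
    public ApplicationRunner verifyAdminGrants(AuthorizationService authorizationService) {
        return args -> {
            List<String> missing = new ArrayList<>();
            for (Resources resource : Resources.values()) {
                long grants = authorizationService.createAuthorizationQuery()
                        .groupIdIn(adminGroup)
                        .resourceType(resource)
                        .resourceId(Authorization.ANY)
                        .authorizationType(Authorization.AUTH_TYPE_GRANT)
                        .count();
                if (grants == 0) {
                    missing.add(resource.resourceName());
                }
            }
            if (!missing.isEmpty()) {
                throw new IllegalStateException(
                        "Group '" + adminGroup + "' has no wildcard grant on: " + missing);
            }
        };
    }
}
```

Every member of the configured IdP group receives full engine permissions, so membership of that group should be reviewed in the IdP with the same care as any other administrator role.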