Hi
I want to integrate camunda 8 tasklist with my spring boot application
can you guys guide me on this
Thanks and regards
Hi @usman - what do you mean by âinteractâ and âintegrateâ? Are you looking to build your own frontend for human tasks? Depending on what you want to do, I would start here:
1 Like
HI @nathan.loading Yes I am looking to build my own frontend for human task, so what we do using taskList Ui of camunda 8.
And also I am not able to generate the tokens for operate and tasklist I can generate for identity
Thank You
Hi @usman - can you share more details? What issues are you having building your own Tasklist UI? What error do you get when you try to generate a token? How are you trying to generate a token?
1 Like
Iâm encountering issues with generating bearer tokens for authorization I am running Camunda 8 via Docker. When I attempt to obtain a token using client credentials
curl --location --request POST âhttp://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/tokenâ
âheader âContent-Type: application/x-www-form-urlencodedâ
âdata-urlencode âclient_id=operateâ
âdata-urlencode 'client_secret=âXALaRPl5qwTEItdwCMiPS62nVpKs7dL7â
âdata-urlencode âgrant_type=client_credentialsâ,
and I also i granted the Permissions for read write for Operate API as mentioned in Getting unauthorized error for operate api even if we get the token using keycloak and identity - #8 by Vipul
I initially received an âunauthorised_clientâ error, but after enabling service accounts for the âOperateâ client in Keycloak, I successfully obtained a token.
However, when I tried to access a Camunda API endpoint (http://localhost:8081/v1/process-instances/2251799813685292 ) using this token in the Authorization header with the âBearerâ scheme, I received a â401 Unauthorizedâ response with no message. I need help troubleshooting this issue.
Hi @usman - can you share screenshots of the client configuration in Identity?
1 Like
Hi @usman - can you zip the images, or post them one-per-post?
when we use that token for task list and hit that url with that token we are getting login page with 200 ok
when we are using token for TaskList API we are getting the below error
Requested path /v1/tasks/2251799813685268, but not authenticated. Redirect to /api/login
and I also provided the tokens details in screen shot
http://localhost:8082/swagger-ui/index.html#/
TaskList swagger url is not working
Hi @usman - you shouldnât need to configure anything in Keycloak if you are using Identity; Identity handles that. I would recommend removing that client from Keycloak and only using Identity.
In Identity, you need to configure it as an Application, not a Role. Under Applications, add a new Application and select the appropriate type (thereâs a link to further documentation in the tooltip) and enter the redirect URLs for your application. Then, on the âAccess to APIsâ tab, assign read:* (and write:* if you want to POST requests) to the APIs you want it to have access to.
Hope that helps!
I am not added the new client in keycloak i am using the default one
the swagger UI is working for operate(which is running on port 8081 from docker)
its not working for tasklList(which is running on port 8082 from docker)
while adding an application I there is no option to select which type of applications
and there is also no Access to APIs option available in application, I can only find Application details,
@usman - what version of Camunda are you running? Can you share your Helm or Docker configuration?
HI @nathan.loding I am shearing my docker Configuration
docker-compose.yaml (7.8 KB)
# While the Docker images themselves are supported for production usage,
# this docker-compose.yaml is designed to be used by developers to run
# an environment locally. It is not designed to be used in production.
# We recommend to use Kubernetes in production with our Helm Charts:
# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/
# For local development, we recommend using KIND instead of `docker-compose`:
# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/#installing-the-camunda-helm-chart-locally-using-kind
# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and Elasticsearch
# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak.
services:
zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION:-8.0.0}
container_name: zeebe
ports:
- "26500:26500"
- "9600:9600"
environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
- ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
- ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
- ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
# allow running with low disk space
- ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
- ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
- "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
restart: always
volumes:
- zeebe:/usr/local/zeebe/data
networks:
- camunda-platform
depends_on:
- elasticsearch
operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
image: camunda/operate:${CAMUNDA_PLATFORM_VERSION:-8.0.0}
container_name: operate
ports:
- "8081:8080"
environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
- CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
- CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
- CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
# For more information regarding configuration with Identity see:
# https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity
- SPRING_PROFILES_ACTIVE=identity-auth
- CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://localhost:18080/auth/realms/camunda-platform
- CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
- CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate
- CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
- CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api
networks:
- camunda-platform
- identity-network
depends_on:
- zeebe
- identity
- elasticsearch
tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION:-8.0.0}
container_name: tasklist
ports:
- "8082:8080"
environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
- CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
- CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
- CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
# For more information regarding configuration with Identity see:
# https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity
- SPRING_PROFILES_ACTIVE=identity-auth
- CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://localhost:18080/auth/realms/camunda-platform
- CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
- CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist
- CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
- CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api
networks:
- camunda-platform
- identity-network
depends_on:
- zeebe
- identity
- elasticsearch
optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize
image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION:-3.8.0}
container_name: optimize
ports:
- "8083:8090"
environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables
- OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
- OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
- SPRING_PROFILES_ACTIVE=ccsm
- CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true
- CAMUNDA_OPTIMIZE_ENTERPRISE=false
- CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://localhost:18080/auth/realms/camunda-platform
- CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
- CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize
- CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
- CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api
- CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false
restart: on-failure
networks:
- camunda-platform
- identity-network
depends_on:
- identity
- elasticsearch
identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity
container_name: identity
image: camunda/identity:8.0.0
ports:
- "8084:8084"
environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/
SERVER_PORT: 8084
KEYCLOAK_URL: http://keycloak:8080/auth
IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform
KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
KEYCLOAK_INIT_OPERATE_ROOT_URL: http://localhost:8081
KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://localhost:8082
KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://localhost:8083
KEYCLOAK_USERS_0_USERNAME: "demo"
KEYCLOAK_USERS_0_PASSWORD: "demo"
KEYCLOAK_USERS_0_FIRST_NAME: "demo"
KEYCLOAK_USERS_0_ROLES_0: "Identity"
KEYCLOAK_USERS_0_ROLES_1: "Optimize"
KEYCLOAK_USERS_0_ROLES_2: "Operate"
KEYCLOAK_USERS_0_ROLES_3: "Tasklist"
restart: on-failure
networks:
- identity-network
depends_on:
- keycloak
keycloak: # https://hub.docker.com/r/jboss/keycloak
container_name: keycloak
image: jboss/keycloak:${KEYCLOAK_VERSION:-16.1.1}
ports:
- "18080:8080"
environment:
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
networks:
- identity-network
elasticsearch: # https://hub.docker.com/_/elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION:-7.17.0}
container_name: elasticsearch
ports:
- "9200:9200"
- "9300:9300"
environment:
- bootstrap.memory_lock=true
- discovery.type=single-node
# allow running with low disk space
- cluster.routing.allocation.disk.threshold_enabled=false
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
restart: always
healthcheck:
test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ]
interval: 30s
timeout: 5s
retries: 3
volumes:
- elastic:/usr/share/elasticsearch/data
networks:
- camunda-platform
volumes:
zeebe:
elastic:
networks:
# Note there are two bridge networks: One for Camunda Platform and one for Identity.
# Operate, Tasklist, and Optimize use both
camunda-platform:
identity-network:
@usman - do you have a .env file with this? What version of Camunda is this installing?
Hi @nathan.loding I am using g camunda 8. And I donât have .env file
@usman - without a .env file to provide environment variables (such as $CAMUNDA_PLATFORM_VERSION), your Docker install is defaulting to version 8.0.0, which is 2+ years old now and no longer supported by Camunda. The latest release is 8.4.5, with 8.5 being released next month.
I would suggest grabbing the latest stable docker-compose configuration from the repository below, and make sure you utilize the .env file that is in the repository also. I also linked some information on how docker-compose uses .env files for reference if you want to use the environment variables without the .env file.
Hi @nathan.loding thank you for giving correct docker file
I have given the read and write permissions for both tasklist and operate APIâs
now I am getting the token, and at the same time I am getting the 401 while using that token
http://localhost:8081/v1/process-instances/search
responce:
{
âmessageâ: âthe provided claims are invalidâ
}
shearing the screen shot
@usman - looks like something is still misconfigured in Identity. Can you share screenshots of the application configuration in Identity?
HI @nathan.loding here is the Screenshot of identity
@usman - which of those applications are you using to get the token? And for that application, what permissions are applied?
Hi @nathan.loding I thous application I am using tasklist and operate to get the token
and for the application i am shearing the screen shots
