How to edit groupResourceWhitelistPattern to allow underscore symbol in Camunda 8.7?

devmsaleh · September 24, 2025, 8:55am

Hi, I want to edit groupResourceWhitelistPattern to allow underscore symbol in Camunda 8.7 ?
Please advise how to accomplish this.

zee-bot · September 24, 2025, 8:56am

Hi there!

I’ve searched through the available Camunda 8.7 documentation and knowledge base, but I couldn’t find any specific information about a groupResourceWhitelistPattern configuration property.

Based on my search, here’s what I can tell you about resource patterns in Camunda 8:

Current Resource Authorization Patterns:

Camunda 8’s resource authorization system currently only supports the full wildcard * for resource IDs
Partial matching or custom patterns (including underscores, prefixes, or other wildcards) are not supported in the standard resource authorization configuration
You can only use either the exact resource ID or * for all resources

Possible Scenarios:

If this is a custom configuration: The groupResourceWhitelistPattern might be a custom property specific to your deployment or a third-party integration
If this is from Camunda 7: This configuration pattern might exist in Camunda 7 but not be available in Camunda 8
If this is an undocumented feature: It might be a configuration that’s not covered in the public documentation

Next Steps:
Could you provide more context about:

Where you encountered this groupResourceWhitelistPattern configuration?
What specific use case you’re trying to achieve with underscore symbols?
Are you migrating from Camunda 7 or working with a custom setup?

This additional information would help me provide more targeted assistance or escalate to the appropriate experts if needed.

References:

devmsaleh · September 24, 2025, 8:58am

@zee-bot Can you please refer the question to a human?

zee-bot · September 24, 2025, 8:58am

Thanks for the feedback! I’m escalating your question about groupResourceWhitelistPattern to a Camunda expert who can provide more specific guidance.

Since this configuration property isn’t covered in the standard Camunda 8.7 documentation, a human expert will be better positioned to help you with:

Whether this is a valid configuration option
How to properly configure it to allow underscore symbols
Alternative approaches if this specific pattern isn’t supported

A community member or Camunda expert will follow up with you shortly. Thanks for your patience!

nathan.loding · September 24, 2025, 1:11pm

Hi @devmsaleh - groupResourceWhitelistPattern is a Camunda 7 parameter and is not available in Camunda 8. In C7, it allowed a custom pattern for validating user, group, and tenant IDs - all of which already allow underscores in C8, I believe.

What is it you are wanting to add an underscore that isn’t working?

devmsaleh · September 25, 2025, 5:16am

Group ID creation in Identity does not allow the underscore symbol
(Please enter a valid group ID (only alphanumeric characters and max 256 characters)
Pleas see attached image

zee-bot · September 25, 2025, 5:18am

Thank you for providing the screenshot! Now I can see the specific issue you’re encountering.

The Problem:
You’re getting a validation error in Camunda Identity when trying to create a group ID with underscores: “Please enter a valid group ID (only alphanumeric characters and max 256 characters)”

Root Cause:
This appears to be a validation rule enforced by Camunda Identity’s UI, which currently only allows alphanumeric characters for group IDs and doesn’t permit underscores, despite what was mentioned earlier about Camunda 8 supporting underscores.

Current Status:
Based on my search through the documentation, there doesn’t appear to be a documented way to configure this validation pattern in Camunda 8.7. The group ID validation seems to be hardcoded in the Identity component.

Potential Solutions:

Use hyphens instead: Try using hyphens (-) instead of underscores (_) if they’re accepted
Use camelCase: Consider using camelCase naming (e.g., myGroupName)
Keycloak direct management: If you’re using Keycloak as your IdP, you might be able to create groups directly in Keycloak with underscores and then sync them to Camunda Identity

This looks like a limitation/bug that should be reported to the Camunda team, especially since:

The error message suggests only alphanumeric characters are allowed
This contradicts the earlier statement that underscores should be supported in Camunda 8
There’s no documented configuration to modify this validation pattern

Would you like me to help you file a bug report or feature request for this issue? This seems like something that should either be fixed (to allow underscores) or properly documented as a current limitation.

nathan.loding · September 25, 2025, 2:39pm

@devmsaleh - turns out you’ve stumbled on a known bug (apologies for terrible preview from GitHub)!

github.com/camunda/camunda

I cannot create a group with underscore character in the Identity UI

opened 01:22PM - 24 Sep 25 UTC

ThorbenLindhauer

kind/bug severity/low likelihood/low component/identity affects/8.8

### ### ### ### ### Description * Although underscore [is an al…lowed character](https://github.com/camunda/camunda/blob/fd970886cea9a12ec06890d1e64c86e4bd32cc82/security/security-core/src/main/java/io/camunda/security/configuration/SecurityConfiguration.java#L16), the UI validates that it's not and prevents a group with underscore character to be created * We should sync backend and frontend validation pattern (maaaybe through including the pattern in the configuration controller) * We should check that all UIs for creating and editing Identity entities are up to date with the pattern ### Steps to reproduce 1. Go to Identity 2. Create a group with ID `my_group` ### Current behavior * The group cannot be created; the UI highlights that the ID is invalid ### Expected behavior * The group can be created ### Workaround * Create the group via API ### Environment SaaS & SM ### Version - Component Version: [e.g. 2.0.0] ### Rootcause * The frontend validates an outdated pattern; should validate https://github.com/camunda/camunda/blob/fd970886cea9a12ec06890d1e64c86e4bd32cc82/security/security-core/src/main/java/io/camunda/security/configuration/SecurityConfiguration.java#L16 (check for latest version on main at the time of implementation) ### Solution ideas _No response_ ### Dev -> QA handover - Resources: - Versions to validate: - Release version (in which version this feature will be released): ### Links _No response_ ### Automated Test Impact _No response_

Unfortunately I don’t know that the UI fix will be included in the 8.8 release in a couple weeks. However, the API does work correctly:

Lastly, you can configure that validation regular expression in Self-Managed installations. See the environment variables documented here - you are looking for the CAMUNDA_SECURITY_IDVALIDATIONPATTERN variable.

nathan.loding · September 25, 2025, 6:14pm

@devmsaleh - apologies, I misread your post. You have some posts about 8.8-alpha and some about 8.7!

The bug I linked and the validation pattern are specific to 8.8. These capabilities are not in 8.7, they are new with 8.8.