Integration of Camunda with Keycloak SSO

I am facing an issue with this repository. Please help me see how the following steps are to be carried out:
https://github.com/camunda-consulting/code/tree/master/snippets/springboot-security-sso

Please help with the integration of Camunda with Keycloak SSO.


Try using this really great community extension by @VonDerBeck


Hi Niall. I have tried this too. But in this project the VonDerBeck camunda-identity-keycloak jar is not in the Maven repository and not available on Google to

Hi Tammay,

The project will be available in a public Maven repo in the future. As it is based on a standard Maven build, try to check out and build this project locally. This should be a good interim solution.

Cheers
Gunnar


Hi VonDerBeck,
Building the project locally leads to the "no manifest file attribute" error. I want to know how this project runs, which will integrate SSO of Camunda with Keycloak. How will the project jar be added to the server so that the internal code will be called?
Please help, as it is not mentioned in the ReadMe.md file. Next, I have checked the keycloak-showcase-master repository, where the jar cannot be built. Please help.

Hi Tammay,

Can you be more specific about what your exact errors are?

1.) The plugin itself is in repository https://github.com/VonDerBeck/camunda-identity-keycloak and simply requires JDK 8 and Maven. It is not executable but a library. It can be integrated into your Camunda project in the same way as the LDAP Identity Provider. See the project documentation for the setup.
2.) The showcase including the full SSO setup resides in repository https://github.com/VonDerBeck/camunda-showcase-keycloak . In order to make the build process work you should have the above plugin itself compiled and available - at least in your local Maven repository.

If this doesn’t work out for you, there is a solution in sight:

  • the plugin may be available on Maven Central by the end of the month
  • furthermore it will be upgraded to work with Camunda 7.11
  • the showcase will be updated to the new versions (Camunda 7.11, Spring Boot 2.1.5.RELEASE) as well
  • the showcase will only require public repos for your dependencies

I can’t promise, but I’ll do my best.

Gunnar

Hi @VonDerBeck,
I appreciate your response. Agreed that it is not executable. I will show you what steps I have followed.

  1. I have cloned the repo GitHub - VonDerBeck/camunda-identity-keycloak: Camunda Keycloak Identity Provider.

  2. I have run the command mvn clean install -DskipTests in the repo and got the output as

  3. Next step: I am not able to understand from the document what the next step will be. Where will I put this whole project, or the jar which is created in the target folder, in the Camunda server?

  4. Please help us step by step with what the next process will be after point 3.

I appreciate your time.

Hi @Tanmay_Naik,

What you have now is the IdentityProvider available in your local Maven repo. Your next steps depend on your runtime environment. Are you using Spring Boot or JEE/Wildfly?

When using Spring Boot you have to:

  1. add the dependency to your Camunda Spring Boot Project
  2. add a KeycloakIdentityProvider component to your project in order to activate the plugin (see documentation)
  3. prepare your Keycloak server as documented (create client camunda-identity-service in your realm)
  4. configure the adapter as documented (plugin.identity.keycloak section in application.yaml)

Afterwards the Camunda Identity Service connects to the Keycloak server. But you will still have to log in using the Camunda login screen.

SSO is the next level. It follows standard Spring OAuth2 Security. You will additionally have to

  1. add spring-boot-starter-security and spring-security-oauth2-autoconfigure dependencies
  2. add KeycloakAuthenticationProvider and your own WebAppSecurityConfig
  3. configure Spring Security security.oauth2 section in your application.yaml

The SSO steps are documented as well. The only Camunda specific code can be found in KeycloakAuthenticationProvider taking care of extracting the authenticated user and querying the corresponding groups using the Identity Provider.

An example can be found within the showcase project.

Regards
Gunnar


Hi @VonDerBeck,
Truly appreciate your response. I have cloned the Showcase project
[GitHub - VonDerBeck/camunda-showcase-keycloak: Showcase for using Camunda Keycloak Identity Provider]
and followed this process:

  1. mvn clean install
  2. started the Keycloak server with the docker-compose file

version: "3.3"

services:
  jboss.keycloak:
    build: .
    image: jboss/keycloak
    restart: always
    environment:
      TZ: Europe/Berlin
      KEYCLOAK_USER: keycloak
      KEYCLOAK_PASSWORD: keycloak1!
    ports:
      - "9001:8443"

  3. Next created a client named camunda-identity-service and
    added all the configurations as mentioned in GitHub - VonDerBeck/camunda-identity-keycloak: Camunda Keycloak Identity Provider

  4. Created roles and added rights to them as mentioned in the above link

  5. Added the secret key to the application.yml file for OAuth2 and for plugin.identity.keycloak:

  6. Then started the Camunda server again

  7. Getting this error. Please help:

In the Keycloak logs I am getting this:

Hi @VonDerBeck,
I think HTTPS would be the problem.

Hi @Tanmay_Naik,

Please check your application.yaml URLs and ports.

It might be important that in order to use Spring Security SSO OAuth2 over HTTPS you'll need a valid SSL certificate on your Keycloak server. This might be a bit exaggerated for a local development environment. When running in cloud environments SSL is very often handled by the load balancer in front, etc.

The Keycloak Identity Provider Plugin itself has an option to disable SSL certificate validation. But this is separate from Spring Security SSO; it affects the connection from the Camunda Identity Service to Keycloak only. Keycloak generates a self-signed certificate upon startup, which Spring Security might complain about. So what does this all mean?

  1. Within your locally running Keycloak Docker image enable the HTTP port as well (see documentation of the Showcase), e.g.
    ports:
      - "9001:8443"
      - "9000:8080"
  2. Check and adapt the security.oauth2 URLs accordingly. The Showcase has been prepared correctly.
  3. When using the Showcase as is you have to log in using the email address as username. Check that "login with email" has been enabled within your Keycloak realm settings as well.

This might help you to get it up and running on your local machine, which is especially helpful for development. Keep in mind that for production it is not recommended to use plain HTTP.

If this does not help, please examine the log of your Camunda Spring Boot application. What you have provided might not be the real cause and there will very likely be more error messages in the stacktrace or before.

Gunnar
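As an added example (not from the thread, the plugin or the Showcase), an application.yaml putting the two sections Gunnar names side by side for the local Docker setup above, with the HTTP port 9000 exposed: the plugin.identity.keycloak section for the Identity Service connection and the security.oauth2 section for SSO. The property names are those of the plugin's documentation and of spring-security-oauth2-autoconfigure; the master realm, the client secret placeholder and the camunda-admin group name are assumptions.

```yaml
# application.yaml (constructed example): Camunda Spring Boot app + Keycloak plugin + OAuth2 SSO.
# Keycloak runs from the Showcase docker-compose with "9000:8080" (HTTP) added to "9001:8443".
# Do NOT configure camunda.bpm.admin-user here: users and groups come from Keycloak.

# 1) Engine-to-Keycloak connection used by the Camunda Identity Service (the plugin).
plugin.identity.keycloak:
  keycloakIssuerUrl: http://localhost:9000/auth/realms/master
  keycloakAdminUrl:  http://localhost:9000/auth/admin/realms/master
  clientId:          camunda-identity-service
  clientSecret:      <client-secret-from-keycloak>   # placeholder: copy from the client's Credentials tab
  useEmailAsCamundaUserId: true                       # Showcase logs in with the e-mail address
  administratorGroupName:  camunda-admin              # assumed group name; grants admin rights in Camunda
  # Only relevant when Keycloak is reached over HTTPS with its self-signed startup certificate.
  # It covers this plugin connection only, never the Spring Security SSO redirects below:
  # disableSSLCertificateValidation: true

# 2) Browser SSO via Spring Security OAuth2 (spring-security-oauth2-autoconfigure).
#    All URIs must use the same scheme/host/port the browser can actually reach;
#    over https://localhost:9001 Spring Security rejects the self-signed certificate.
security:
  oauth2:
    client:
      client-id:     camunda-identity-service
      client-secret: <client-secret-from-keycloak>   # same placeholder as above
      access-token-uri:       http://localhost:9000/auth/realms/master/protocol/openid-connect/token
      user-authorization-uri: http://localhost:9000/auth/realms/master/protocol/openid-connect/auth
      scope: openid profile email
    resource:
      user-info-uri: http://localhost:9000/auth/realms/master/protocol/openid-connect/userinfo
```

For production, switch every URL back to https with a certificate the JVM trusts and drop the HTTP port mapping; the disableSSLCertificateValidation switch does not make the SSO redirects tolerate a self-signed certificate.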

Hi @VonDerBeck,
The port I exposed, that worked. Next I am getting an error with the stack trace as

Hi @VonDerBeck,
The next screenshot:

Also I am attaching the screenshot of the Keycloak realm settings where "login with email" is enabled.

From the documentation:


@VonDerBeck,
Yes, I have done that.

The error in the yml file for enabled is showing as: security.basic.enabled is deprecated.

So this causes the error. The docs say that you must not do this and that the admin-user part must be deleted. It is a hint for users starting with a standard Camunda Spring Boot configuration.


@VonDerBeck,
So it redirected me to the Camunda page when I hit http://localhost:8080/camunda/login . It redirected me to http://localhost:8080/camunda/app/welcome/default/ but the page didn't display.

@Tanmay_Naik: just start with
a) a clean browser (cache deleted / new private window)
b) point the browser to http://localhost:8080/camunda
c) log in with Keycloak
