Keycloak Camunda Identity Provider Plugin doesn't redirect to Keycloak login form

Hi everyone!
I want to install Keycloak Camunda Identity Provider Plugin on Camunda in docker image built from camunda/camunda-bpm-platform:7.17.0.

I was guided by the Installation on Tomcat guide on the plugin’s GitHub page: camunda-bpm-identity-keycloak/examples/tomcat at master · camunda-community-hub/camunda-bpm-identity-keycloak · GitHub

I added camunda-bpm-identity-keycloak-all-2.2.3.jar (downloaded from the releases page) into /camunda/lib/ and bpm-platform.xml into /camunda/conf/ in the Docker container.

My bpm-platform.xml contains:

      <plugin>
        <class>org.camunda.bpm.extension.keycloak.plugin.KeycloakIdentityProviderPlugin</class>
        <properties>
            <property name="keycloakIssuerUrl">http://localhost:8081/auth/realms/hydra</property>
            <property name="keycloakAdminUrl">http://localhost:8081/auth/admin/realms/hydra</property>
            <property name="clientId">camunda-identity-service</property>
            <property name="clientSecret">4cc3506c-91fb-41eb-8494-ec55d667c8e0</property>
            <property name="useUsernameAsCamundaUserId">true</property>
            <property name="useGroupPathAsCamundaGroupId">true</property>
            <property name="administratorGroupName">camunda-admin</property>
            <property name="disableSSLCertificateValidation">true</property>
        </properties>
      </plugin>

I build and run my container and don’t see any errors. But when I open localhost:8080 (where my Camunda was launched), the redirection to Keycloak doesn’t happen and I see only Camunda’s native login/password form. At the same time, if I log in to Keycloak as admin I can see a session with my Camunda app.

How do I enable login via Keycloak in my case? Maybe I’m doing something wrong?

Thank you in advance!

Hi @theodor ,

Have you read through this post yet? It gives a fairly detailed step-by-step process for using Keycloak as the identity provider for Camunda.

If that doesn’t solve your issue, please let me know and I can try to help out some more. I’ve worked a fair amount with Keycloak these days. :slight_smile:

Best Regards,
dg

Hi @theodor,

As far as I understand, your setup consists of adding the Keycloak community extension to a Tomcat distribution. This means that you have changed the original identity provider to now work with Keycloak. This is all your setup does. It does not include SSO. If you want to have full SSO, please go to the sample provided at camunda-platform-7-keycloak/examples/sso-kubernetes at master · camunda-community-hub/camunda-platform-7-keycloak · GitHub.
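A tightened version of the plugin block from the question, as an added example that is not from the thread or the plugin project; the Keycloak hostname and the secret placeholder are assumptions:

```xml
<!-- Added example (not from the thread or the plugin project): the same plugin
     block with Keycloak reached over HTTPS and certificate validation left on.
     Hostname and secret placeholder are assumptions. -->
<plugin>
  <class>org.camunda.bpm.extension.keycloak.plugin.KeycloakIdentityProviderPlugin</class>
  <properties>
    <!-- Realm issuer URL; the plugin's own token request goes here. -->
    <property name="keycloakIssuerUrl">https://keycloak.example.internal/auth/realms/hydra</property>
    <!-- Admin REST endpoint the plugin queries for users and groups. -->
    <property name="keycloakAdminUrl">https://keycloak.example.internal/auth/admin/realms/hydra</property>
    <property name="clientId">camunda-identity-service</property>
    <!-- PLACEHOLDER: the real client secret is injected at deploy time,
         not stored in the config file. -->
    <property name="clientSecret">REPLACE_WITH_CLIENT_SECRET</property>
    <property name="useUsernameAsCamundaUserId">true</property>
    <property name="useGroupPathAsCamundaGroupId">true</property>
    <property name="administratorGroupName">camunda-admin</property>
    <!-- false is the plugin default; keeping it means the Keycloak
         certificate is actually checked on every admin API call. -->
    <property name="disableSSLCertificateValidation">false</property>
  </properties>
</plugin>
```

This block only changes how Camunda looks up users and groups; as the answer above says, the browser login flow is unchanged until an SSO filter is added.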

Thank you for your response! I saw this example, but it’s for the Java Spring Boot distribution. How can I use this example to build my solution for the Tomcat distribution?

Thank you for your response! I’ve read this post, but it didn’t help me, because it’s about the Run distribution, but I use the Tomcat distribution.

@theodor:

SSO with Tomcat is a totally different story… You could have a look at the work of GitHub - iceman91176/camunda-bpm-auth-keycloak-sso - he uses the Keycloak Identity Provider under the hood as well, but has worked on the Tomcat stuff.

Hope this helps.
