But the issue is, after logging in from the Keycloak login page I got directed to the Camunda login page also, and there was a server error notification and no credentials are working, so I’m not sure what could be causing this.
Keycloak can be very finicky about what it wants in terms of configuration, etc. Can you post some more details about how you’ve configured your Realm in Keycloak? Sometimes just a simple missed / in an allowed URL can cause problems.
I’ve had some experience with Keycloak, so hopefully I can help. (Now that you mention it, I should really go secure my Camunda-BPM-Run instance with Keycloak too.)
Hi @davidgs. So I was using an already configured realm named camunda and I start that Keycloak server by running a separate docker compose file with the following:
What are the realm settings for the camunda realm? Specifically the Root URL, Valid Redirect URL etc. As these are very specific and can prevent Keycloak from functioning.
I also notice that your Keycloak version is very out of date, as they are up to v15.0.2 at this point (that’s the version I run).
I am working on spinning up a Keycloak server to do authentication for my Camunda instance so I’ll be able to give you more information in a bit, I hope.
So I’ve set up a Keycloak Server (v15.0.2) fronting the authentication for Camunda BPM Run (v7.15.4-ee), and I’ve gotten it working after a bit of tinkering.
The Keycloak Realm and Client settings are very important to get right, as is the configuration file for Camunda. But once those are squared away, things seem to work just fine.
Once that was all set up, I added the following configuration to my production.yml file for Camunda Platform Run:
```yaml
# Camunda Keycloak Identity Provider Plugin
plugin.identity.keycloak:
  keycloakIssuerUrl: https://<KeycloakServer>:9443/auth/realms/camunda
  keycloakAdminUrl: https://<KeycloakServer>:9443/auth/admin/realms/camunda
  clientId: camunda-id-client
  clientSecret: <copy from your client secret on Keycloak Server>
  useUsernameAsCamundaUserId: true
  useGroupPathAsCamundaGroupId: true
  administratorGroupName: camunda-admin
  # Skips TLS certificate validation on the plugin's calls to Keycloak
  disableSSLCertificateValidation: true
```
Note: The user you want to sign in to the Camunda interface with must already exist in Keycloak. I have not, so far, found a way to have the Camunda Login Page redirect to the Keycloak ‘Login/Register’ page, but I’ll keep digging. The users must also be in the camunda-admin group.
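A pre-flight check for the plugin block in the post above, added here as an example; it is not part of the original post and not code from the Camunda plugin. It flags the slips the thread talks about (a stray `/` or mismatched realm between the two URLs) plus the disabled certificate validation and an unfilled secret. The function names, finding codes and the sample host are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the plugin block in the post; host is a placeholder.
SAMPLE = """\
plugin.identity.keycloak:
  keycloakIssuerUrl: https://keycloak.example.test:9443/auth/realms/camunda
  keycloakAdminUrl: https://keycloak.example.test:9443/auth/admin/realms/camunda/
  clientId: camunda-id-client
  clientSecret: <copy from your client secret on Keycloak Server>
  disableSSLCertificateValidation: true
"""

def parse_plugin_block(text):
    """Collect the 'key: value' entries nested under plugin.identity.keycloak."""
    settings, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a top-level key opens or closes the block
            inside = line.strip() == "plugin.identity.keycloak:"
        elif inside:
            key, _, value = line.strip().partition(":")
            settings[key.strip()] = value.strip()
    return settings

def lint(settings):
    """Return finding codes; an empty list means none of the checks fired."""
    findings = []
    issuer = urlparse(settings.get("keycloakIssuerUrl", ""))
    admin = urlparse(settings.get("keycloakAdminUrl", ""))
    m_issuer = re.fullmatch(r"(.*)/realms/([^/]+)", issuer.path)
    m_admin = re.fullmatch(r"(.*)/admin/realms/([^/]+)", admin.path)
    if not (m_issuer and m_admin):
        findings.append("url-shape")  # e.g. trailing or missing '/'
    elif (issuer.netloc, m_issuer.groups()) != (admin.netloc, m_admin.groups()):
        findings.append("url-mismatch")  # host, base path or realm differ
    if issuer.scheme != "https" or admin.scheme != "https":
        findings.append("not-https")
    if settings.get("disableSSLCertificateValidation", "false").lower() == "true":
        findings.append("tls-validation-disabled")
    secret = settings.get("clientSecret", "")
    if not secret or secret.startswith("<"):
        findings.append("placeholder-secret")
    return findings

if __name__ == "__main__":
    for code in lint(parse_plugin_block(SAMPLE)):
        print(code)
```

The parser only understands the flat `key: value` layout shown in the post, not general YAML.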