This is the code I meant
identityService.setAuthentication(...);
Authentication should be handled by your application then passed to camunda using the above call. You can do that using servlet filter where you call the above setAuthentication() method “The filter should be mapped to the URL pattern of your jsf task forms”. That way the current authentication would be available in the current thread where jsf task form is running.