SSO for Web-App Camunda 8 Platform

Hello everybody!
I need your advice about best practices for building a web application with a user interface for Camunda 8 and SSO authentication with Microsoft Active Directory (AD).

One way is to do direct SSO authentication with AD, get user groups from this LDAP, and authorize access to tabs and buttons depending on LDAP groups.

On the other hand, Camunda Identity already has Users, and I can create and assign Roles to all Users inside of Identity. I use Camunda Identity to authenticate and authorize access from a Spring Boot app to the Tasklist API by registering my application (Client ID + Client secret).
Camunda Identity is integrated with Keycloak, and I can see in Identity all users from the Keycloak realm "camunda-platform".
Next, Keycloak gets users from Microsoft AD through User Federation integration. So, I can see Users from AD in Camunda Identity and assign Roles to them.

So, what was the idea behind showing Users in Camunda Identity?
Is it possible to use Identity for user SSO authentication and/or authorization?
How can I get access to the Name, Username and Assigned Roles in Identity from Java?