Hello,
We have implemented our own custom identity provider and so far, thankfully, everything has been working as intended. except a weird behavior caused by /process-definition?startableBy=group1
Consider the two scenarios:
if using the modeler we set Candidate Starter Users equals to user1 and using the rest api we call /process-definition?startableBy=user1 everything work as expected
if using the modeler we set Candidate Starter Groups to group1 and we set user1 as a member of group1 and call /process-definition?startableBy=user1 no data is returned
Using the provided admin webapp we can verify that user1 is a member of group1
Are we missing something? does startableBy work only for users and not for groups (we read somewhere that it’s supposed to work)?
Any resource on how startableBy filter work would be very helpful.
We also tried to do the same using the java api using ProcessDefinitionQuery.startableByUser() but we got the same results.
Apparently camunda is trying to query the user-group membership table from the database directly to link the user to the process definition which defeats the purpose of the custom identity provider in our case where users, groups and memberships are stored in an external datasource.
Any help or ideas to solve this are very much appreciated.
The same issue even exists in the case when using Camunda provided LDAP Identity Service. I read the docs and recognize there are some limitations in Multi-Tenancy if using the service, but I cannot find anything about the limitations of user-group mappings. If the the issue is still in the backlog, would you please add some notices about the limitation in docs first?
I got into same trouble. it makes serious challenge when you want to use camunda with custom identity provider
can you set high priority for this issue in jira