Unable to access Cockpit, Tasklist, Admin when logging in through LDAP authentication

Hi Team,

I am using the Camunda BPM Spring Boot server. I am able to configure LDAP for authentication. When I start the engine, the server starts and I am able to log in to the Camunda management UI.

But there is no authorization provided to that user. I have configured the admin user as below, and the same user also exists in LDAP.

camunda.bpm.admin-user.id=demo
camunda.bpm.admin-user.password=demo

I am able to log in to Camunda but not able to see any sections like Cockpit, Tasklist, Admin.

Can you help me with how to import authorization entries for groups and users, or how to handle this situation?

Thanks
Dinesh Kumar.

Hi @dinesh_kumar,

the default for camunda.bpm.authorization.enabled is false: https://docs.camunda.org/manual/7.12/user-guide/process-engine/authorization-service/#enable-authorization-checks.

Set it to true and the app will work as expected.

Hope this helps, Ingo

Hi @Ingo_Richtsmeier,

I already enabled it:

camunda.bpm.database.type=postgres
camunda.bpm.admin-user.id=demo
camunda.bpm.admin-user.password=demo
camunda.bpm.process-engine-name=CamundaSample1
#camunda.bpm.authorization
camunda.bpm.database.schema-update=create
#camunda.bpm.database.table-prefix=cs1
camunda.bpm.authorization.enabled=true

With the above configuration, I have enabled the LDAP plugin.
So it tries to search for the user demo, finds it, and is able to log in.

But for the user demo, no authorization entries were made,
since it is a fresh start with an empty database.
Camunda created an empty skeleton and did not insert any users, groups or auth entries. So I couldn’t see any DB entries for the tables below.

act_id_group.
act_ru_authorization.

So the demo user logged in successfully. Since there is no authorization for him, he does not have any UI section such as Cockpit to see.

Is there any way to incorporate auth and groups manually, or through configuration or setup in the Camunda engine, when logging in through the LDAP setup?

Thanks for quick reply.

Hi @dinesh_kumar,

to connect the spring-boot process engine with LDAP, you need to add the LDAP plugin in your pom.xml and configure the connection: https://docs.camunda.org/manual/7.12/user-guide/process-engine/identity-service/#the-ldap-identity-service.

I haven’t done it myself, but the demo user from the configuration should not be available, as the LDAP identity provider is read only. The Camunda admin user or group is set with the configuration of the Administrator authorization plugin: https://docs.camunda.org/manual/7.12/user-guide/process-engine/authorization-service/#the-administrator-authorization-plugin.

Hope this helps, Ingo
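
The two plugins named in this answer, registered as Spring beans in a Spring Boot application (an added example, not code from the thread or from the Camunda project). It assumes the LDAP plugin dependency is already in pom.xml and that the Camunda Spring Boot starter registers process engine plugin beans with the engine; the package name, the `ldap.*` property names, the environment variable, the search filters and the commented-out group name are hypothetical placeholders.

```java
package com.example.camunda; // hypothetical package

import org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin;
import org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CamundaLdapConfig {

  // Grants administrator authorizations at engine start to an id that
  // already exists in LDAP. Nothing is written to the read-only directory.
  @Bean
  public AdministratorAuthorizationPlugin administratorAuthorizationPlugin() {
    AdministratorAuthorizationPlugin plugin = new AdministratorAuthorizationPlugin();
    plugin.setAdministratorUserName("demo"); // user id used in this thread
    // Binding admin rights to a group keeps them managed in the directory:
    // plugin.setAdministratorGroupName("camunda-admin"); // hypothetical group
    return plugin;
  }

  // LDAP identity provider. All connection values come from external
  // configuration (hypothetical property names), not from source code.
  @Bean
  public LdapIdentityProviderPlugin ldapIdentityProviderPlugin(
      @Value("${ldap.url}") String url,             // e.g. ldaps://host:636
      @Value("${ldap.manager-dn}") String managerDn,
      @Value("${LDAP_MANAGER_PASSWORD}") String managerPassword, // env variable
      @Value("${ldap.base-dn}") String baseDn) {
    LdapIdentityProviderPlugin plugin = new LdapIdentityProviderPlugin();
    plugin.setServerUrl(url);
    plugin.setUseSsl(true);                         // keep the bind encrypted
    plugin.setManagerDn(managerDn);                 // low-privilege read account
    plugin.setManagerPassword(managerPassword);
    plugin.setBaseDn(baseDn);
    // Filters and attributes below are placeholders for a typical schema.
    plugin.setUserSearchFilter("(objectclass=person)");
    plugin.setUserIdAttribute("uid");
    plugin.setGroupSearchFilter("(objectclass=groupOfNames)");
    plugin.setGroupIdAttribute("cn");
    plugin.setGroupMemberAttribute("member");
    // Apply authorization checks to user and group queries as well.
    plugin.setAuthorizationCheckEnabled(true);
    return plugin;
  }
}
```

With `camunda.bpm.authorization.enabled=true` kept as in the thread, only the configured administrator user or group holds permissions at first; every other LDAP user needs explicit authorizations.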

Hi @Ingo_Richtsmeier,

That helps me, but as mentioned above I configured my process.xml, and I don’t know where to keep that file so that the Camunda engine will pick it up and configure the admin user mentioned in the process.xml.

I tried placing it in the resources, but neither the LDAP plugin nor the Camunda process engine recognized this file, and no permissions were granted to the configured admin user.

Please let me know where to place the process.xml file so that the engine will pick it up and grant authorization.

Thanks