Unable to login with SSO 7.9.0

Srikar_Rampally · May 13, 2025, 6:19am

Hi team,

Can anyone help if we have missed anything while setting up SSO for our Camunda app?

Implemented SSOAuthenticationProvider which implements AuthenticationProvider class. Ensured to add authentication objects to session. Also made sure to add userId as part of AuthenticationResult.
Added ContainerBasedAuthenticationFilter with init-param as the new authentication provider

 <filter>
    <filter-name>AuthenticationFilter</filter-name>
    <filter-class>org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationFilter</filter-class>
    <init-param>
      <param-name>authentication-provider</param-name>
      <param-value>SSOAuthenticationProvider</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>

With above changes though redirect happens to SSO and code successfully executes SSOAuthenticationProvider, it redirection back to Camunda Login page again which shouldn’t have happened given we have already authenticated. I couldn’t find any failure logs within the app.
I followed the steps mentioned here Securing Camunda 7 | Camunda 8 Docs

Do we need make any other modifications to make sure user is authenticated and bypass Camunda login?

Any leads would be of great help!

Thanks & Regards,
Srikar Rampally

cpbpm · May 14, 2025, 3:05am

have you looked at the community supported implementation?

Srikar_Rampally · May 14, 2025, 4:21pm

Hi,

thanks for providing the link to the snippets. Yes, I did follow camunda-sso-snippets/camunda-sso-jboss-keycloak at master · camunda/camunda-sso-snippets · GitHub particular example while implementing.

One difference I did have is, I didn’t add keycloak.json or something similar. Would this adaptor be required? We have our own SSO (similar to keycloak). Are there any instructions on how setup the adaptor?

Thanks,
Srikar