This library allows to replace Flowable IDM with Keycloak integration (through OpenID Connect) to the Flowable Apps (https://flowable.com/open-source/docs/bpmn/ch14-Applications/).
Add the following maven dependency to your project pom.xml:
<dependency>
<groupId>com.premiumminds.flowable</groupId>
<artifactId>flowable-keycloak</artifactId>
<version>1.6</version>
</dependency>Check out sonatype repository for latest snapshots and releases.
This example works for the flowable-ui-* projects in the flowable repository:
Add the flowable-keycloak library to the POM of the flowable-ui-*-conf project.
Changes in the SecurityConfiguration class in the flowable-ui-*-conf project:
- Replace the class
FlowableCookieFilterRegistrationBeanwithKeycloakCookieFilterRegistrationBean
This library reads the following configurations:
keycloak.url = <keycloak url>
keycloak.realm = <realm>
keycloak.issuer-url = <realm url, usually something like: http://example.com/auth/realms/mycompany>
keycloak.client.client-id = <client id>
keycloak.client.client-secret = <client secret>
keycloak.client.scope = openid roles
keycloak.client.redirect-uri = ${flowable.common.app.redirect-on-auth-success}/callback
keycloak.connect-timeout = 10000
keycloak.read-timeout = 10000
For testing, you can add this configurations to the file
src/main/resources/flowable-default.properties in the "flowable-ui-*-app" project.
The library will add the client roles as flowable priviledges.
Flowable uses the following priviledges:
access-modeleraccess-rest-apiaccess-adminaccess-task
So you should have this as client roles in keycloak instance.
CI is hosted by travis-ci.com
Copyright (C) 2020 Premium Minds
Licensed under the GNU Lesser General Public Licence