Best practice on integration with custom user authentication & authorization service in Spring Cloud

Our current platform is a microservices platform built on top of Spring Cloud, and we have a dedicated User Authentication & Authorization microservice, which uses the Spring Security and Spring OAuth2 implementation. (More specifically, we’re using a JHipster-generated UAA server.)

Currently we’re looking into integrating the Flowable engine into our microservices platform as a “bpm” service. And in the “bpm” service, there is no need for future authentication, because we can assume that there is always a valid security context when any request reaches the service (the microservice gateway is making sure of this).

We have dug into the documentation for quite some time, and understand that there is an option of writing our custom IdmIdentityServiceImpl implementation to replace the whole identity management service. But is there any other option, since we don’t want Flowable to perform any authentication and just get user/group information from the existing security context?

Could anyone help advise what will be the best practice for such a scenario? Thanks in advance!

Another option for you might be to disable the IdmIdentityService altogether since UAA and Spring’s SecurityContext are providing you with the necessary identity information. This may be a better option for you if you are only deploying the Flowable Engine as a microservice in your environment and not the Flowable UI applications.

To disable the IdmIdentityService, set the following property in bootstrap.properties:
flowable.idm.enabled=false
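
With IDM disabled, the engine still needs to be told who the caller is. The following is an added example, not part of the original posts or of Flowable's own code: a servlet filter that copies the user from Spring's SecurityContext into Flowable for the duration of the request and fails closed if no authenticated principal is present. It assumes Flowable 6.3 or later (the `org.flowable.common.engine` package), the `javax.servlet` API, and that the filter runs after the Spring Security filter chain; the class name `FlowableUserBridgeFilter` is hypothetical.

```java
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.flowable.common.engine.impl.identity.Authentication;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical bridge: Spring SecurityContext -> Flowable authenticated user.
@Component
public class FlowableUserBridgeFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        org.springframework.security.core.Authentication auth =
                SecurityContextHolder.getContext().getAuthentication();

        // Fail closed: do not rely only on the gateway having checked the
        // token. Reject requests that arrive without a real principal.
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        try {
            // Flowable records this id as process starter, task owner, etc.
            Authentication.setAuthenticatedUserId(auth.getName());
            chain.doFilter(request, response);
        } finally {
            // The id is held in a ThreadLocal; clear it so a pooled thread
            // never carries one caller's identity into another request.
            Authentication.setAuthenticatedUserId(null);
        }
    }
}
```

If some paths (for example health checks) must stay unauthenticated, exclude them by overriding `shouldNotFilter` rather than removing the rejection branch.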

Thank you!! We’ll definitely give that a try. Is it still possible to use the modeler web UI or task management web UI app while idm is disabled?