In our organization we are using x509-based PKI authentication. As the flowable endpoints inside the application are protected with PKI as well how does one setup/configure the flowable-control-app to use certificates to authenticate with the flowable cluster?
It does not need to pass through the actual user’s credentials using flowable-control, it could also use its own certificate (provided by us).
Documentation says flowable uses spring-security but flowable-control-app is only available as a war file so it cannot be embedded.
Flowable Control is one of the Commercial products. Are you evaluating an Enterprise Trial? If so, there is a section of the Enterprise Forum for the trial (https://forum.flowable.com/c/trial).
Just for completeness, Control does have a spring boot starter in our private maven repository which would allow you to customize the security configuration. This repository is only available to enterprise customers.
Thanks wwitt. I have contacted flowable support for this. With the commercial flowable dependencies I am able to change both the server and client authentication methods.