Custom authentication for flowable-control

In our organization we are using x509-based PKI authentication. As the flowable endpoints inside the application are protected with PKI as well how does one setup/configure the flowable-control-app to use certificates to authenticate with the flowable cluster?
It does not need to pass through the actual user’s credentials using flowable-control, it could also use its own certificate (provided by us).

Documentation says flowable uses spring-security but flowable-control-app is only available as a war file so it cannot be embedded.

Flowable Control is one of the Commercial products. Are you evaluating an Enterprise Trial? If so, there is a section of the Enterprise Forum for the trial (

Just for completeness, Control does have a spring boot starter in our private maven repository which would allow you to customize the security configuration. This repository is only available to enterprise customers.

Thanks wwitt. I have contacted flowable support for this. With the commercial flowable dependencies I am able to change both the server and client authentication methods.

Darkvater, Did you customize the Control to Work authentication as well? If so could you please share the details on the authentication method used.