Custom IdentityService

I am using Spring Boot Flowable autoconfiguration.

I have a custom service that implements the interface IdentityService. I also have set the IDM engine to not start. I don't want to even load the Identity tables.

My question is how can I inject my IdentityService into the process engine? I am not sure how to get a handle to the process engine context.

To do this, you’d need to have an implementation that looks like the ldap implementation that’s in the flowable-ldap module: https://github.com/flowable/flowable-engine/blob/master/modules/flowable-ldap/src/main/java/org/flowable/ldap/LDAPIdentityServiceImpl.java

The way that one is injected in the engine is by adding a custom configurator, like this one: https://github.com/flowable/flowable-engine/blob/master/modules/flowable-ldap-configurator/src/main/java/org/flowable/ldap/LDAPConfigurator.java

Thanks Joram.

I have implemented the way the LDAP was done. It works.

For some reason I was thinking that the IDM property could be used to not load IDM tables and service:
flowable.idm.enabled: false
But this is not working as my Identity service is never invoked. I must be misunderstanding if IDM can be disabled and still use custom Identity implementation.

@tjmac, I am curious what your custom identity service does…I have a similar requirement to implement a custom identity service and I am currently lost on how to go about it…would appreciate any help.

Basically I have a class that extends GroupQueryImpl to get the authorities from Spring Security. I override the following in Groovy:

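@Override
public List executeList(CommandContext commandContext) {
    // Answer the group query from Spring Security instead of the IDM tables
    return executeQuery()
}

List<Group> executeQuery() {
    def groups = []

    // getAuthentication() returns null when no user is authenticated on this thread,
    // so use null-safe access and return an empty list in that case
    def authorities = SecurityContextHolder.getContext().getAuthentication()?.authorities
    authorities?.each { GrantedAuthority grantedAuthority ->
        // Each granted authority becomes a group whose id is the authority name
        groups.add(new GroupEntityImpl(id: grantedAuthority.authority))
    }
    groups
}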

@righthireinc Since Spring Security context has already taken care of Authentication and has the Roles/Groups we need, I just need to fetch the roles and the engine can now associate a userid to a candidate group.

How can one configure the modeler to authenticate against the custom IDM?

Is it required to implement everything? Like, are the userQuery and GroupQuery classes both required? I checked the source code for other operations and they don’t directly use User or GroupQuery and just store the link with 3 strings: LinkId+UserId+GroupId. So I think it’s safe to say they are not required.