Flowable IDM - Azure Active Directory Integration

Karthik · September 3, 2020, 10:38am

Hi,

Is it possible to integrate Flowable IDM with Azure active directory. If so, are there any reference documentations? The default flowable idm database stores the password in plain text and can’t be used . Similarly the LDAP integration too stores all the connection details in a property file as clear text.

Thanks
Karthik

joram · September 7, 2020, 11:42am

Yes, it is. In the upcoming (soon) 6.6 version, this will be simpler even. We’re writing documentation for that too.

That can be changed in your custom setup, if needs to be.

Karthik · September 8, 2020, 7:53am

Thank you @joram. Is there a way, the password in flowable idm Database can be encrypted using any properties. Is this feature available in Flowable.Thank you again for your support.

Thanks
Karthik

filiphr · September 8, 2020, 8:40am

Hey @Karthik,

Yes you can encrypt the password.

If you are using Spring Boot then the property you are looking for is flowable.idm.password-encoder. The best option is to use spring_delegating for it. You can see the different options here:

github.com

flowable/flowable-engine/blob/77c99582a7065140b08cf0083fec16254734262a/modules/flowable-spring-boot/flowable-spring-boot-starters/flowable-spring-boot-autoconfigure/src/main/java/org/flowable/spring/boot/idm/IdmEngineAutoConfiguration.java#L85-L102


public PasswordEncoder passwordEncoder(FlowableIdmProperties idmProperties) {
    PasswordEncoder encoder;
    String encoderType = idmProperties.getPasswordEncoder();
    if (Objects.equals("spring_bcrypt", encoderType)) {
        encoder = new BCryptPasswordEncoder();
    } else if (encoderType != null && encoderType.startsWith("spring_delegating")) {
        encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        if (encoderType.equals("spring_delegating_bcrypt")) {
            ((DelegatingPasswordEncoder) encoder).setDefaultPasswordEncoderForMatches(new BCryptPasswordEncoder());
        } else if (encoderType.equals("spring_delegating_noop")) {
            ((DelegatingPasswordEncoder) encoder).setDefaultPasswordEncoderForMatches(NoOpPasswordEncoder.getInstance());
        }
    } else {
        encoder = NoOpPasswordEncoder.getInstance();
    }

    return encoder;
}

In case you are not using Spring Boot, then you need to set the PasswordEncoder in the IdmEngineConfiguration.

Cheers,
Filip

Karthik · September 8, 2020, 12:07pm

Thank you @filiphr. That worked for me. I will wait for version 6.6 to integrate with Azure Active Directory. is there a tentative date when 6.6 would be released.

Thanks
Karthik

duncanad1 · September 8, 2020, 12:22pm

Will the Modeler and Task applications be configurable to use Azure AD too?

joram · September 13, 2020, 8:18pm

Yes, all UI apps will share the same (Spring) security configuration.

balajisundarajan8 · December 14, 2020, 4:39am

can anyone please let us know, how to configure Azure AD with flowable IDM. Is there any sample configuration or documentation ?

manish · August 26, 2021, 11:28am

Hi Joram,

Is the Flowable IDM with Azure active directory version available now. Can you please guide on how the integration can be performed into a spring boot project using flowable
Thanks

mjc · March 31, 2022, 3:20pm

Hi,

Any examples of this yet?

Thank you

filiphr · August 17, 2022, 8:45am

Hey @mjc,

Have you read What’s new with the Open Source Flowable UI Apps? In there we explain how you can connect with an OAuth2 or OpenID system. The AzureAD is such a system.

In addition to that, if you want to query users from AzureAD then you need to configure the Flowable LDAP integration to connect to the AzureAD using LDAP, there is nothing special there.

Cheers,
Filip