Flowable IDM - Azure Active Directory Integration

Karthik · September 3, 2020, 10:38am

Hi,

Is it possible to integrate Flowable IDM with Azure active directory. If so, are there any reference documentations? The default flowable idm database stores the password in plain text and can’t be used . Similarly the LDAP integration too stores all the connection details in a property file as clear text.

Thanks
Karthik

joram · September 7, 2020, 11:42am

Yes, it is. In the upcoming (soon) 6.6 version, this will be simpler even. We’re writing documentation for that too.

That can be changed in your custom setup, if needs to be.

Karthik · September 8, 2020, 7:53am

Thank you @joram. Is there a way, the password in flowable idm Database can be encrypted using any properties. Is this feature available in Flowable.Thank you again for your support.

Thanks
Karthik

filiphr · September 8, 2020, 8:40am

Hey @Karthik,

Yes you can encrypt the password.

If you are using Spring Boot then the property you are looking for is flowable.idm.password-encoder. The best option is to use spring_delegating for it. You can see the different options here:

github.com

flowable/flowable-engine/blob/77c99582a7065140b08cf0083fec16254734262a/modules/flowable-spring-boot/flowable-spring-boot-starters/flowable-spring-boot-autoconfigure/src/main/java/org/flowable/spring/boot/idm/IdmEngineAutoConfiguration.java#L85-L102


public PasswordEncoder passwordEncoder(FlowableIdmProperties idmProperties) {
    PasswordEncoder encoder;
    String encoderType = idmProperties.getPasswordEncoder();
    if (Objects.equals("spring_bcrypt", encoderType)) {
        encoder = new BCryptPasswordEncoder();
    } else if (encoderType != null && encoderType.startsWith("spring_delegating")) {
        encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        if (encoderType.equals("spring_delegating_bcrypt")) {
            ((DelegatingPasswordEncoder) encoder).setDefaultPasswordEncoderForMatches(new BCryptPasswordEncoder());
        } else if (encoderType.equals("spring_delegating_noop")) {
            ((DelegatingPasswordEncoder) encoder).setDefaultPasswordEncoderForMatches(NoOpPasswordEncoder.getInstance());
        }
    } else {
        encoder = NoOpPasswordEncoder.getInstance();
    }

    return encoder;
}

In case you are not using Spring Boot, then you need to set the PasswordEncoder in the IdmEngineConfiguration.

Cheers,
Filip

Karthik · September 8, 2020, 12:07pm

Thank you @filiphr. That worked for me. I will wait for version 6.6 to integrate with Azure Active Directory. is there a tentative date when 6.6 would be released.

Thanks
Karthik

duncanad1 · September 8, 2020, 12:22pm

Will the Modeler and Task applications be configurable to use Azure AD too?

joram · September 13, 2020, 8:18pm

Yes, all UI apps will share the same (Spring) security configuration.

balajisundarajan8 · December 14, 2020, 5:38pm

can anyone please let us know, how to configure Azure AD with flowable IDM. Is there any sample configuration or documentation ?