Keycloak IdmIdentityService

Hi,
I’m writing a Spring Boot application using Keycloak for Authorization/Authentication and managed to integrate Flowable successfully.
As I understand, the users are retrieved from the flowable IdmIdentityService and I would like to create a custom KeycloakIdmIdentityService that will read the users and groups from Keycloak.

public class KeycloakIdmIdentityService implements IdmIdentityService {
...
}

This will avoid duplicating user data.
To get the users and roles from Keycloak, I set up the keycloak-admin-client library and managed to query the users.

To tell Flowable to use my custom class, I’m injecting an instance of KeycloakIdmIdentityService into the IdmEngineConfiguration:

@Bean
@Primary
IdmIdentityService getKeycloakIdentityService(KeycloakAdminService keycloakAdminService) {
    return new KeycloakIdmIdentityService(keycloakAdminService);
}

Dear Flowable developers, I’m just wondering if it’s the best approach and if anybody has already implemented such a custom IdmIdentityService.

Thanks

Hello

Please, read the following thread, and it seems the mentioned links are useful:

Did you use one of the Flowable Spring Boot starters to embed one of the engines (i.e., BPMN, DMN and CMMN)?

See: Flowable OAuth2 Resource Server

Based on the documentation https://flowable.com/open-source/docs/bpmn/ch12-IDM/ I think you should follow how the LDAP identity service was integrated. This is by creating a custom EngineConfigurationConfigurer.

Check out the source code of two classes to have an idea about that:

org.flowable.spring.boot.ldap.FlowableLdapAutoConfiguration
org.flowable.ldap.LDAPIdentityServiceImpl.java

Yes, I’m using Flowable Spring-Boot starter.

Hi Douglas,
Thank you very much for sharing your article. Really interesting.
Does it mean that to use Flowable with Keycloak, I need to use OpenLDAP to get the user from it?

Thanks

Then you don’t need to use the Flowable IDM; you can store your user’s credentials in a directory server (e.g. OpenLDAP or AD).

For example: Keycloak, Flowable and OpenLDAP

Thanks for your answers,
But my question is about using Keycloak alone as “user repository”.
Is it possible to use Flowable with Keycloak and without LDAP?

Hey @nouhouari,

Everything is possible with some code. You will need to provide your own implementation of the IdmIdentityService. Have a look at the LDAPIdentityServiceImpl to see what needs to be done.

Cheers,
Filip

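Added example, not part of the thread and not Flowable's own code: a read-only, Keycloak-backed identity service modelled on the LDAPIdentityServiceImpl pattern mentioned above, narrowed to user lookup by id (groups are left out). It assumes Flowable 6.5+ (where IdmIdentityServiceImpl takes an IdmEngineConfiguration), a keycloak-admin-client version that has `UsersResource.search(String, Boolean)`, and that the Flowable user id is the Keycloak username.

```java
// Added example (assumptions: Flowable 6.5+, keycloak-admin-client, user id == Keycloak username).
import java.util.List;
import java.util.stream.Collectors;
import org.flowable.common.engine.api.FlowableException;
import org.flowable.common.engine.impl.interceptor.CommandContext;
import org.flowable.idm.api.User;
import org.flowable.idm.api.UserQuery;
import org.flowable.idm.engine.IdmEngineConfiguration;
import org.flowable.idm.engine.impl.IdmIdentityServiceImpl;
import org.flowable.idm.engine.impl.UserQueryImpl;
import org.flowable.idm.engine.impl.persistence.entity.UserEntityImpl;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.UserRepresentation;

public class KeycloakIdmIdentityService extends IdmIdentityServiceImpl {
    private final UsersResource users; // e.g. keycloak.realm("<your-realm>").users()

    public KeycloakIdmIdentityService(IdmEngineConfiguration cfg, UsersResource users) {
        super(cfg);
        this.users = users;
    }

    @Override public UserQuery createUserQuery() { return new KeycloakUserQuery(users); }

    // Authentication belongs to Keycloak (OIDC); this service never vouches for a password.
    @Override public boolean checkPassword(String userId, String password) { return false; }

    // Keycloak stays the single source of truth: refuse writes instead of shadowing users locally.
    @Override public User newUser(String userId) { throw readOnly(); }
    @Override public void saveUser(User user) { throw readOnly(); }
    @Override public void deleteUser(String userId) { throw readOnly(); }
    private static FlowableException readOnly() {
        return new FlowableException("Users are managed in Keycloak; this identity service is read-only");
    }

    static class KeycloakUserQuery extends UserQueryImpl {
        private final UsersResource users;
        KeycloakUserQuery(UsersResource users) { this.users = users; }
        @Override public long executeCount(CommandContext ctx) { return executeList(ctx).size(); }
        @Override public List<User> executeList(CommandContext ctx) {
            if (getId() == null) throw new FlowableException("Only userId(...) lookups are supported");
            // exact=true: the default search is a partial match and could return a different account.
            return users.search(getId(), true).stream().map((UserRepresentation r) -> {
                UserEntityImpl u = new UserEntityImpl();
                u.setId(r.getUsername()); u.setEmail(r.getEmail());
                u.setFirstName(r.getFirstName()); u.setLastName(r.getLastName());
                return (User) u;
            }).collect(Collectors.toList());
        }
    }
}
```

The service account behind `UsersResource` only needs read access to users, so it should not be given a realm-admin role.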

Hi Nouhouari,

I encountered the same problem using Keycloak for authentication & authorization integrated with Flowable. I would appreciate it if you could share your Spring Boot application with me for study.

Thanks in advance.

Hi, I am looking for flowable-rest integration with Keycloak for authentication & fetching users and groups. It is one of the much-needed features. Is there any GitHub repo containing in-progress work for this that I can refer to?
Thanks in advance. Best Regards
Neeraj Gupta

Yes, I’m trying to build something and publish it to the crowd in the next weeks.
This is something that I’ll work on within the next weeks among other things.

Hello @hberrayana
If you have implemented this, please send me a detailed approach or sample code.

Hello, I also have this requirement. May I ask if you have found any way to solve it?