We are using A12 Camunda and we want to use Keycloak to grant access to the Camunda application, so that we can have more users who can log in to Camunda via the Keycloak login UI instead of using the Camunda default user/password.
We already achieved this with some customization, but we had to exclude UAA, which feels hacky/risky, especially for future A12 upgrades.
How to secure Camunda dashboard login with Keycloak using UAA?
Hello @quy-amber-river,
If your project is using Keycloak as IDP, then one possible solution could be: to give your users access to Camunda without logging in via Camunda, I assume your Camunda should act as a Resource Server and trust tokens issued by Keycloak.
For this you need to investigate how to enable Resource Server mode in Camunda. Probably talk to the A12 Workflow team or TPS to clarify how it can be done.
By enabling Camunda to act as a Resource Server that trusts tokens from Keycloak, you should be able to achieve what you want.
Hi @quy-amber-river,
First of all, be aware that our A12 Camunda only integrates UAA authentication but not authorization. Therefore, Camunda and Camunda Cockpit must not be available publicly as stated in our docs, unless you implement your own security measures.
If you want users to be able to access Camunda Cockpit using an IDP token from Keycloak, it should be a matter of UAA configuration (because we integrate UAA authentication). If I understand correctly, that’s also @tuan-stable-gale’s suggestion.
UAA supports Resource Server mode and Client mode with OAuth2/OIDC.
- If you want to enable an application (Camunda) to understand tokens from Keycloak, then configure Resource Server mode: mgmtp.a12.uaa.authentication.types=OAUTH2
- If you want to enable an application (Camunda) to trigger a login process that redirects to the Keycloak login form, then configure Client mode: mgmtp.a12.uaa.authentication.types=OAUTH2_CLIENT
Hey @quy-amber-river,
were the responses helpful or are there additional questions from your side?
Thanks for your feedback!