User Story (Required on creation):
      As a Software Developer, I want to integrate Camunda Run with Cloud SSO providers (e.g. Azure B2C Service).

      Functional Requirements (Required before implementation):

      • Use Spring Security at least for Webapp and REST API Security if possible.

      Limitations of Scope (Optional):

       

      Hints (Optional):

      https://camunda.slack.com/archives/C80C0EC79/p1638864432139600?thread_ts=1638794990.138700&cid=C80C0EC79


            [CAM-11308] Support Cloud SSO for Spring Boot

            Thorben Lindhauer added a comment -

            Closing for now as per the description this is purely a refactoring without product value. We can of course still do it if we have a stronger motivation (e.g. if we want to use Spring Security features).

            Tobias Conz added a comment -

            Hi robert.emsbach,

            Can you provide us with some more details on how this should work for the user? We would deliver Spring Security with RUN, and the user would configure the SSO in the server.xml? 

            Do you have an overview of the changes to be made in RUN other than adding the Spring Security library?

            Greets Tobias 


            Robert Emsbach added a comment -

            We would also need to include spring-boot-starter-oauth2-client.

            I have not completed this with RUN because it was missing Spring Security. The idea is that one can use the plugin mechanism to register Spring configurations and beans, which add the desired SSO support (e.g. https://github.com/rob2universe/camunda7-oauth2-google/blob/main/src/main/java/org/camunda/example/sso/webapp/oauth2/WebAppSecurityConfig.java).

            3rd party libs from SSO providers may require more bootstrapping and would also need to be registered as plugins or included ootb (not sure if a plugin can add a Spring Boot Starter).

            Google (https://github.com/rob2universe/camunda7-oauth2-google) works with standard oauth2:

            https://github.com/rob2universe/camunda7-oauth2-google/blob/main/pom.xml

            Azure libs contain own Spring Boot config and beans:

            https://github.com/rob2universe/azure-active-directory-oauth-spring-boot/blob/6db04d4f5a15f1d2f8f59365ef54c3da992c6d78/pom.xml#L42
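
            A sketch of the kind of Spring configuration the comment above describes, added here as an example; it is not part of the ticket and not the code of the linked repositories. It covers the webapp only and assumes Camunda 7 on Spring Boot 2.7 (Spring Security 5.7, javax.servlet), spring-boot-starter-oauth2-client on the classpath, the webapps served under /camunda, and a client registration supplied through the standard spring.security.oauth2.client.* properties; the class names are hypothetical.

```java
// Added example. Class names are hypothetical; the /camunda paths are an assumption.
import javax.servlet.http.HttpServletRequest;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;
import org.camunda.bpm.engine.rest.security.auth.impl.ContainerBasedAuthenticationProvider;
import org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SsoWebAppSecurityConfig {

  // Require an OAuth2/OIDC login for every request. Spring's CSRF check is skipped
  // only for the webapp API, which is covered by Camunda's own CSRF prevention filter.
  @Bean
  SecurityFilterChain ssoChain(HttpSecurity http) throws Exception {
    http.csrf(csrf -> csrf.ignoringAntMatchers("/camunda/api/**"))
        .authorizeRequests(a -> a.anyRequest().authenticated())
        .oauth2Login();
    return http.build();
  }

  // Registered after the Spring Security chain: passes the SSO identity to Camunda.
  @Bean
  FilterRegistrationBean<ContainerBasedAuthenticationFilter> camundaAuthFilter() {
    var reg = new FilterRegistrationBean<>(new ContainerBasedAuthenticationFilter());
    reg.addInitParameter("authentication-provider", SpringSecurityProvider.class.getName());
    reg.setOrder(101);
    reg.addUrlPatterns("/camunda/app/*", "/camunda/api/*");
    return reg;
  }

  // The returned id must match a Camunda user id, since authorizations are keyed on it.
  public static class SpringSecurityProvider extends ContainerBasedAuthenticationProvider {
    @Override
    public AuthenticationResult extractAuthenticatedUser(HttpServletRequest req, ProcessEngine engine) {
      Authentication auth = SecurityContextHolder.getContext().getAuthentication();
      if (auth == null || auth instanceof AnonymousAuthenticationToken || !auth.isAuthenticated()) {
        return AuthenticationResult.unsuccessful(); // never map anonymous sessions to a user
      }
      return AuthenticationResult.successful(auth.getName());
    }
  }
}
```

            With an OIDC login, `auth.getName()` is the provider's user-name attribute (the `sub` claim unless configured otherwise), so the claim chosen there decides which Camunda user and authorizations a session receives.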

            Tobias Conz added a comment -

            Does Okta also count as a Cloud SSO? Integrate Camunda Platform Run Docker with Okta - Camunda Platform 7 Topics / Camunda Platform 7 Process Engine - Camunda Platform Forum

            Robert Emsbach added a comment - - edited

            Sure, Okta is also an SSO option. The form post illustrates the hoops one currently has to go through. This ticket should make this easier.


            Robert Emsbach added a comment -

            Here someone has modified run to include Spring Security (and Okta plugin). This kind of "dirty solution" should be avoided by having it ootb.

            https://stackoverflow.com/questions/73497530/how-to-load-spring-security-dynamically/73500198#73500198

            Amar Deep Singh added a comment - - edited

            Hi Robert 

            This is my post on stackoverflow regarding loading spring security dynamically and I agree there is no clean way to do it apart from including OOTB in Camunda.

            I have derived a slightly better way to manage spring security dependencies but nothing beats OOTB added in Camunda run. Check my post here.

            https://forum.camunda.io/t/integrate-camunda-platform-run-docker-with-okta/39444/8

             

            Ideally a switch to turn off/on spring security will also be good.

            https://forum.camunda.io/t/spring-security-plugin-for-camunda-run-distribution/38284/5

             

             


            Thorben Lindhauer added a comment -

            This ticket was migrated to GitHub: https://github.com/camunda/camunda-bpm-platform/issues/2383. Please use this link for any future references and continue any discussion there.

              tobias.conz Tobias Conz
              tobias.metzke Tobias Metzke-Bernstein
              Votes: 4
              Watchers: 5