Skip to content

camunda-community-hub/zeebe-keycloak-interceptor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.github
.github
 
 
src
src
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
CODE_OF_CONDUCT.MD
CODE_OF_CONDUCT.MD
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Community extension badge

Zeebe Keycloak Interceptor

This project's purpose is to enable authentication on Zeebe Gateways.

Usage

Quick start

  • Obtain jar with dependencies of this project
    • Maven Coordinates (groupId: org.camunda.community.zeebe.keycloak.interceptor, artifactId: zeebe-keycloak-interceptor)
    • Build by yourself in this project
      • Prerequisites:
        • JDK 11
        • Maven
        • Docker
      • Run: mvn clean verify
  • Copy this jar to the Zeebe Gateway (or Zeebe Broker, if you are using embedded gateways) container
  • Create a JSON configuration file
    • All available configurations (this is the default configuration. The file, that you have created can only override some properties. Also, this project uses the HOCON configuration):
{
  "zeebeKeycloak": {
    "serverUrl": "http://localhost:8080",
    "realm": "test-realm",
    "grantType": "client_credentials",
    "clientId": "test-client-id",
    "clientSecret": "test-client-secret",
    "username": "test-username",
    "password": "test-password",
    "expectedAudience": "test-expected-audience",
    "expectedIssuedFor": "test-expected-issued-for",
    "allowedIssuers": [],
    "minTimeBetweenJwksRequests": "12 s",
    "publicKeyCacheTtl": "12 d"
  }
}
  • Put this file into the Zeebe Gateway container of container path: /tmp/zeebe-keycloak.json
  • Configure the Zeebe Gateway's interceptors (you should point to the jar that we have copied to the container):
    • className should be org.camunda.community.zeebe.keycloak.interceptor.ZeebeKeycloakInterceptor

Configure the configuration file location

The algorithm for resolving the location of the config file:

  1. Looking at the Java property of zeebe.gateway.security.keycloak.config.path
  2. If the previous is missed look at the environment variable: ZEEBE_GATEWAY_SECURITY_KEYCLOAK_CONFIG_PATH
  3. If the previous is missed get this path: /tmp/zeebe-keycloak.json

Versioning

This is still in progress and could be changed in the future. Because we have to build this library against each version of Zeebe (to verify compatibility on class level and so) so the versions will be stick to the Zeebe version with suffix:

^(\d+\.\d+\.\d+)(-\d+)?$

Where this part (\d+\.\d+\.\d+) describing Zeebe version (i.e. 1.0.1, 1.2.11, etc.) and there is optional part that describing patch version of this interceptor: (-\d+), i.e -1, -3, -4. So there is the next valid versions of this library: 1.2.11, 8.0.0-4. In case of chosing version I will recomend to update to the version with suffix, i.e. 1.2.11-5 is preferable than 1.2.11.

About

Keycloak integration to secure Zeebe Gateways

Topics

keycloak zeebe camunda-8

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

7 stars

Watchers

2 watching

Forks

6 forks
Report repository

Releases 1

Zeebe Keycloak Interceptor 1.2.11 Latest
Apr 28, 2022

Packages

 
 
 

Contributors 2

  •  
  •  

Languages