Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- spring.datasource:
- url: jdbc:h2:./camunda-db;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
- #shareable h2 database: jdbc:h2:./camunda-db;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE;AUTO_SERVER=TRUE
- username: sa
- password: sa
- spring.h2.console.enabled: true
- server.port: 8081
- # Externalized Keycloak configuration
- keycloak:
- # SSO Authentication requests. Send by application as redirect to the browser
- url.auth: ${KEYCLOAK_URL_AUTH:http://localhost:8080}
- # SSO Token requests. Send from the application to Keycloak
- url.token: ${KEYCLOAK_URL_TOKEN:http://localhost:8080}
- # Keycloak access for the Identity Provider plugin.
- url.plugin: ${KEYCLOAK_URL_PLUGIN:https://localhost:8443}
- # Keycloak Camunda Identity Client
- client.id: ${KEYCLOAK_CLIENT_ID:camunda-identity-service-new}
- client.secret: ${KEYCLOAK_CLIENT_SECRET:11dc46a6-7062-4aa2-bb13-066a7b41de1b}
- # Spring Boot Security OAuth2 SSO
- spring.security:
- oauth2:
- client:
- registration:
- keycloak:
- provider: keycloak
- client-id: ${keycloak.client.id}
- client-secret: ${keycloak.client.secret}
- authorization-grant-type: authorization_code
- redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
- scope: openid, profile, email
- provider:
- keycloak:
- issuer-uri: ${keycloak.url.auth}/auth/realms/camunda-realm
- authorization-uri: ${keycloak.url.auth}/auth/realms/camunda-realm/protocol/openid-connect/auth
- user-info-uri: ${keycloak.url.auth}/auth/realms/camunda-realm/protocol/openid-connect/userinfo
- token-uri: ${keycloak.url.token}/auth/realms/camunda-realm/protocol/openid-connect/token
- jwk-set-uri: ${keycloak.url.token}/auth/realms/camunda-realm/protocol/openid-connect/certs
- # set user-name-attribute one of:
- # - sub -> default; using keycloak ID as camunda user ID
- # - email -> useEmailAsCamundaUserId=true
- # - preferred_username -> useUsernameAsCamundaUserId=true
- user-name-attribute: preferred_username
- # Camunda Keycloak Identity Provider Plugin
- plugin.identity.keycloak:
- keycloakIssuerUrl: ${keycloak.url.plugin}/auth/realms/camunda-realm
- keycloakAdminUrl: ${keycloak.url.plugin}/auth/admin/realms/camunda-realm
- clientId: ${keycloak.client.id}
- clientSecret: ${keycloak.client.secret}
- useEmailAsCamundaUserId: false
- useUsernameAsCamundaUserId: true
- useGroupPathAsCamundaGroupId: true
- administratorGroupName: camunda-admin
- disableSSLCertificateValidation: true
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement