Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,9 @@ Name | Mapper type | User attribute | Token clain name | Claim JSON type | Add t
sso:
enabled: true
use_regular_login: true
service_user:
login: "service_user_login"
password: "service_user_password"
keycloak:
auth_server_url: "http://keycloak_host:keycloak_port/auth/"
realm: hydra
Expand All @@ -142,6 +145,8 @@ sso:
- homs
```

`service_user` is required when SSO is enabled on Camunda but HOMS users log in via regular login (`use_regular_login: true`). The widget authenticates to Keycloak with these credentials to obtain tokens for Camunda API calls. A single service user is shared across all Camunda instances configured for the widget.

### Filter business processes by user

Set `cadidate_starters.enabled` in `hbw.yml` to `true` to send user email to camunda when fetching business processes definition. That way you can allow users to run only certain business processes.
Expand Down
3 changes: 3 additions & 0 deletions config/homs_configuration.default.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@ base_url: '/'
sso:
enabled: false
use_regular_login: true
service_user:
login: login
password: password
keycloak:
auth_server_url: "http://0.0.0.0:8080/auth/"
realm: hydra
Expand Down
2 changes: 1 addition & 1 deletion hbw/app/controllers/hbw/base_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ def log
end

def auth_service_user
service_user_config = Rails.application.config.app[:sso][:service_user]
service_user_config = Rails.application.config.app[:sso].fetch(:service_user)
session_state = yield HOMS.container[:keycloak_client].authenticate_by_password!(
service_user_config.fetch(:login),
service_user_config.fetch(:password)
Expand Down
Loading