Camunda REST API

[skemaikin]

Hi, thank you for the great plugin. I have noticed a strange behavior: when using Camunda REST API user/password are not required. Queries: curl -X GET -i http://localhost:8090/engine-rest/process-definition and curl -u "user:user" -X GET -i http://localhost:8090/engine-rest/process-definition returns the same results. Is such a behavior resulted through the wrong Keycloak settings or is it an error?

[VonDerBeck]

Hi @skemaikin,

have you had a look at the SSO Kubernetes example? See https://github.com/camunda-community-hub/camunda-platform-7-keycloak/tree/master/examples/sso-kubernetes REST security is not activated out of the box in Camunda. Have a look at the package https://github.com/camunda-community-hub/camunda-platform-7-keycloak/tree/master/examples/sso-kubernetes/src/main/java/org/camunda/bpm/extension/keycloak/showcase/rest. Especially the KeycloakAuthentication filter might give you an idea what's missing. And do not forget to set camunda.bpm.authorization.enabled: true in your application.yaml.

Hope that helps.

[skemaikin]

Hi @VonDerBeck, thank you for the answer. But I am just trying to wire Keycloak and Camunda and I haven't got any other application (application.yaml either). I have just checked the Camunda REST API and was surprised by the response. I have default.yml and production.yml. How do I set the rest.security setting to make it work correct?

[skemaikin]

Hi again, I solved the problem. The solution is: camunda.bpm.run.auth.enabled: true.

Thank you for the great plugin!