Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding possible configuration variables for identity and also linked it to the gateway configuration #4863

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,22 @@ As a Spring Boot application, Identity supports any standard
| `KEYCLOAK_SETUP_CLIENT_ID` | The client to use for authentication during setup of the provided Keycloak. | admin-cli |
| `KEYCLOAK_URL` | The URL of the Keycloak instance to use. | http://localhost:18080/auth |

## Camunda Identity SDK Configuration

These are the names and values which can be used for the identity sdk to ensure proper authentication and authorization with identy.

| Environment Variable | Property | Description | Default Value |
| ----------------------------------- | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `CAMUNDA_IDENTITY_ISSUERBACKENDURL` | `camunda.identity.issuerBackendUrl` | The URL to the auth provider backend, used to validate tokens. This setting can also be overridden using the environment variable | - |
| `CAMUNDA_IDENTITY_AUDIENCE` | `camunda.identity.audience` | The required audience of the auth token. This setting can also be overridden using the environment variable | - |
| `CAMUNDA_IDENTITY_TYPE` | `camunda.identity.type` | Define what kind of authentication type you will use, Choose between `KEYCLOAK`, `MICROSOFT`, `GENERIC` | KEYCLOAK |
| `CAMUNDA_IDENTITY_BASEURL` | `camunda.identity.baseUrl` | The base url of the Camunda Identity instance. This setting can also be overridden using the environment variable | - |
| `CAMUNDA_IDENTITY_ISSUER` | `camunda.identity.issuer` | defines the issuer name, which is used by the services to validate the JWT tokens. | - |
| `CAMUNDA_IDENTITY_JWKS_URL` | `camunda.identity.jwksUrl` | defines the JWKS URL, which is used by the services to validate the JWT tokens. If nothing set it will use the WellKnownEndpoint | - |
| `CAMUNDA_IDENTITY_CLIENT_ID` | `camunda.identity.clientId` | defines the client id, which is used by Zeebe in authentication flows. | - |
| `CAMUNDA_IDENTITY_CLIENT_SECRET` | `camunda.identity.clientSecret` | The client secret for the Identity client. | - |
| `CAMUNDA_IDENTITY_AUTH_SCOPES` | `camunda.identity.authScopes` | AuthScopes | openid email offline_acces |

## License configuration

import Licensing from '../../../self-managed/react-components/licensing.md'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,7 @@ security:

:::note
The Zeebe configuration properties for Camunda Identity are deprecated as of version `8.4.0`. Use the dedicated
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#core-configuration).
Camunda Identity properties or the [corresponding sdk environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-sdk-configuration).
:::

| Field | Description | Example value |
Expand Down
Loading