Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding possible configuration variables for identity and also linked it to the gateway configuration #4863

Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open
Changes from 5 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions docs/self-managed/identity/deployment/configuration-variables.md
jonathanlukas marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -27,6 +27,20 @@ As a Spring Boot application, Identity supports any standard
| `KEYCLOAK_SETUP_CLIENT_ID` | The client to use for authentication during setup of the provided Keycloak. | admin-cli |
| `KEYCLOAK_URL` | The URL of the Keycloak instance to use. | http://localhost:18080/auth |

## Camunda Identity Configuration

| Environment Variable | Property | Description | Default Value |
| --------------------------------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| CAMUNDA_IDENTITY_ISSUERBACKENDURL | issuerBackendUrl | The URL to the auth provider backend, used to validate tokens. This setting can also be overridden using the environment variable | - |
jonathanlukas marked this conversation as resolved.
Show resolved Hide resolved
| CAMUNDA_IDENTITY_AUDIENCE | audience | The required audience of the auth token. This setting can also be overridden using the environment variable | - |
jonathanlukas marked this conversation as resolved.
Show resolved Hide resolved
| CAMUNDA_IDENTITY_TYPE | type | Define what kind of authentication type you will use, Choose between `KEYCLOAK`, `MICROSOFT`, `GENERIC` | KEYCLOAK |
| CAMUNDA_IDENTITY_BASEURL | baseUrl | The base url of the Camunda Identity instance. This setting can also be overridden using the environment variable | - |
| CAMUNDA_IDENTITY_ISSUER | issuer | defines the issuer name, which is used by the services to validate the JWT tokens. | - |
| CAMUNDA_IDENTITY_JWKS_URL | jwksUrl | defines the JWKS URL, which is used by the services to validate the JWT tokens. If nothing set it will use the WellKnownEndpoint | - |
| CAMUNDA_IDENTITY_CLIENT_ID | clientId | defines the client id, which is used by Zeebe in authentication flows. | - |
| CAMUNDA_IDENTITY_CLIENT_SECRET | clientSecret | The client secret for the Identity client. | - |
| CAMUNDA_IDENTITY_AUTH_SCOPES | authScopes | AuthScopes | openid email offline_acces |

## License configuration

import Licensing from '../../../self-managed/react-components/licensing.md'
Original file line number Diff line number Diff line change
@@ -275,7 +275,7 @@ security:

:::note
The Zeebe configuration properties for Camunda Identity are deprecated as of version `8.4.0`. Use the dedicated
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#core-configuration).
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-configuration).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-configuration).
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-sdk-configuration).

:::

| Field | Description | Example value |
Original file line number Diff line number Diff line change
@@ -27,6 +27,19 @@ As a Spring Boot application, Identity supports any standard
| `KEYCLOAK_SETUP_CLIENT_ID` | The client to use for authentication during setup of the provided Keycloak. | admin-cli |
| `KEYCLOAK_URL` | The URL of the Keycloak instance to use. | http://localhost:18080/auth |

## Camunda Identity Configuration
jonathanlukas marked this conversation as resolved.
Show resolved Hide resolved

jonathanlukas marked this conversation as resolved.
Show resolved Hide resolved
| Environment Variable | Property | Description | Default Value |
| --------------------------------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| CAMUNDA_IDENTITY_ISSUERBACKENDURL | issuerBackendUrl | The URL to the auth provider backend, used to validate tokens. This setting can also be overridden using the environment variable | - |
| CAMUNDA_IDENTITY_AUDIENCE | audience | The required audience of the auth token. This setting can also be overridden using the environment variable | - |
| CAMUNDA_IDENTITY_TYPE | type | Define what kind of authentication type you will use, Choose between `KEYCLOAK`, `MICROSOFT`, `GENERIC` | KEYCLOAK |
| CAMUNDA_IDENTITY_BASEURL | baseUrl | The base url of the Camunda Identity instance. This setting can also be overridden using the environment variable | - |
| CAMUNDA_IDENTITY_ISSUER | issuer | defines the issuer name, which is used by the services to validate the JWT tokens. | - |
| CAMUNDA_IDENTITY_JWKS_URL | jwksUrl | defines the JWKS URL, which is used by the services to validate the JWT tokens. If nothing set it will use the WellKnownEndpoint | - |
| CAMUNDA_IDENTITY_CLIENT_ID | clientId | defines the client id, which is used by Zeebe in authentication flows. | - |
| CAMUNDA_IDENTITY_CLIENT_SECRET | clientSecret | The client secret for the Identity client. | - |

### Component configuration

Identity supports component configuration using preset values. To configure a
Original file line number Diff line number Diff line change
@@ -337,7 +337,7 @@ Read more [in the multi-tenancy documentation](../../../self-managed/concepts/mu
:::note
For now, multi-tenancy is only supported in combination with Identity.
To use multi-tenancy, you must set [`authentication.mode`](#zeebegatewayclustersecurityauthentication) to `'identity'` and specify the
`camunda.identity.baseUrl` property or the [corresponding Camunda Identity environment variable](../../identity/deployment/configuration-variables.md#core-configuration)
`camunda.identity.baseUrl` property or the [corresponding Camunda Identity environment variable](../../identity/deployment/configuration-variables.md#camunda-identity-configuration)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
`camunda.identity.baseUrl` property or the [corresponding Camunda Identity environment variable](../../identity/deployment/configuration-variables.md#camunda-identity-configuration)
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-sdk-configuration).

as well.
:::

Original file line number Diff line number Diff line change
@@ -27,6 +27,20 @@ As a Spring Boot application, Identity supports any standard
| `KEYCLOAK_SETUP_CLIENT_ID` | The client to use for authentication during setup of the provided Keycloak. | admin-cli |
| `KEYCLOAK_URL` | The URL of the Keycloak instance to use. | http://localhost:18080/auth |

## Camunda Identity Configuration
jonathanlukas marked this conversation as resolved.
Show resolved Hide resolved

jonathanlukas marked this conversation as resolved.
Show resolved Hide resolved
| Environment Variable | Property | Description | Default Value |
| --------------------------------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| CAMUNDA_IDENTITY_ISSUERBACKENDURL | issuerBackendUrl | The URL to the auth provider backend, used to validate tokens. This setting can also be overridden using the environment variable | - |
| CAMUNDA_IDENTITY_AUDIENCE | audience | The required audience of the auth token. This setting can also be overridden using the environment variable | - |
| CAMUNDA_IDENTITY_TYPE | type | Define what kind of authentication type you will use, Choose between `KEYCLOAK`, `MICROSOFT`, `GENERIC` | KEYCLOAK |
| CAMUNDA_IDENTITY_BASEURL | baseUrl | The base url of the Camunda Identity instance. This setting can also be overridden using the environment variable | - |
| CAMUNDA_IDENTITY_ISSUER | issuer | defines the issuer name, which is used by the services to validate the JWT tokens. | - |
| CAMUNDA_IDENTITY_JWKS_URL | jwksUrl | defines the JWKS URL, which is used by the services to validate the JWT tokens. If nothing set it will use the WellKnownEndpoint | - |
| CAMUNDA_IDENTITY_CLIENT_ID | clientId | defines the client id, which is used by Zeebe in authentication flows. | - |
| CAMUNDA_IDENTITY_CLIENT_SECRET | clientSecret | The client secret for the Identity client. | - |
| CAMUNDA_IDENTITY_AUTH_SCOPES | authScopes | AuthScopes | openid email offline_acces |

## OIDC configuration

| Evnironment variable | Description | Default value |
Original file line number Diff line number Diff line change
@@ -251,7 +251,7 @@ security:

:::note
The Zeebe configuration properties for Camunda Identity are deprecated as of version `8.4.0`. Use the dedicated
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#core-configuration).
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-configuration).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-configuration).
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-sdk-configuration).

:::

| Field | Description | Example value |
Original file line number Diff line number Diff line change
@@ -27,6 +27,20 @@ As a Spring Boot application, Identity supports any standard
| `KEYCLOAK_SETUP_CLIENT_ID` | The client to use for authentication during setup of the provided Keycloak. | admin-cli |
| `KEYCLOAK_URL` | The URL of the Keycloak instance to use. | http://localhost:18080/auth |

## Camunda Identity Configuration
jonathanlukas marked this conversation as resolved.
Show resolved Hide resolved

jonathanlukas marked this conversation as resolved.
Show resolved Hide resolved
| Environment Variable | Property | Description | Default Value |
| --------------------------------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| CAMUNDA_IDENTITY_ISSUERBACKENDURL | issuerBackendUrl | The URL to the auth provider backend, used to validate tokens. This setting can also be overridden using the environment variable | - |
| CAMUNDA_IDENTITY_AUDIENCE | audience | The required audience of the auth token. This setting can also be overridden using the environment variable | - |
| CAMUNDA_IDENTITY_TYPE | type | Define what kind of authentication type you will use, Choose between `KEYCLOAK`, `MICROSOFT`, `GENERIC` | KEYCLOAK |
| CAMUNDA_IDENTITY_BASEURL | baseUrl | The base url of the Camunda Identity instance. This setting can also be overridden using the environment variable | - |
| CAMUNDA_IDENTITY_ISSUER | issuer | defines the issuer name, which is used by the services to validate the JWT tokens. | - |
| CAMUNDA_IDENTITY_JWKS_URL | jwksUrl | defines the JWKS URL, which is used by the services to validate the JWT tokens. If nothing set it will use the WellKnownEndpoint | - |
| CAMUNDA_IDENTITY_CLIENT_ID | clientId | defines the client id, which is used by Zeebe in authentication flows. | - |
| CAMUNDA_IDENTITY_CLIENT_SECRET | clientSecret | The client secret for the Identity client. | - |
| CAMUNDA_IDENTITY_AUTH_SCOPES | authScopes | AuthScopes | openid email offline_acces |

## License configuration

import Licensing from '../../../self-managed/react-components/licensing.md'
Original file line number Diff line number Diff line change
@@ -251,7 +251,7 @@ security:

:::note
The Zeebe configuration properties for Camunda Identity are deprecated as of version `8.4.0`. Use the dedicated
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#core-configuration).
Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-configuration).
jonathanlukas marked this conversation as resolved.
Show resolved Hide resolved
:::

| Field | Description | Example value |
Loading