
feat(oauth2): add Spring Security OAuth2 documentation #1677

Merged · 12 commits · Oct 4, 2024
8 changes: 8 additions & 0 deletions content/user-guide/camunda-bpm-run.md
Member


❓ Do we need to add anything else on this page?

Member Author


I added a few more things about configs, logout, customizing.

Member


I don't see anything added on the page? Are any commits missing or?

Member Author


Sorry, I mixed the source up; I didn't add anything more here.
I don't think we need more, the --oauth2 flag is specified and linked.

@@ -103,6 +103,14 @@ The start scripts (`start.bat` for Windows, `start.sh` for Linux/Mac) accept the
</td>
<td><code>enabled</code></td>
</tr>
<tr>
<td><code>--oauth2</code></td>
<td>
Enables Spring Security OAuth2 integration.
See dedicated <a href="{{< ref "/user-guide/spring-boot-integration/spring-security.md" >}}">Spring Security OAuth2 Integration</a> documentation for details.
</td>
<td><code>false</code></td>
</tr>
<tr>
<td><code>--help</code></td>
<td>Prints a message showing the available start script arguments.</td>
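Review bot: the new `--oauth2` row gives a default of `false`, while the configuration table this PR adds to `configuration.md` gives `camunda.bpm.oauth2.identity-provider.enabled` a default of `true`; the description should say how the two relate (for example, whether the flag is what makes the `camunda.bpm.oauth2.*` properties take effect at all), otherwise a reader of this page cannot tell whether OAuth2 authentication is on or off in a default Run distribution. Since this flag changes who is authenticated, it would also help to point from this row to the Security Recommendations section of the linked page rather than only to the page itself.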
4 changes: 4 additions & 0 deletions content/user-guide/process-engine/identity-service.md
@@ -376,6 +376,10 @@ The LDAP Identity Provider provides the following configuration properties:
</tr>
</table>

# The OAuth2 Identity Service

See the Spring Security OAuth2 Integration's [OAuth2 Identity Provider]({{< ref "/user-guide/spring-boot-integration/spring-security.md#oauth2-identity-provider" >}}) documentation.

# Throttle login attempts

A mechanism exists for preventing subsequent unsuccessful login attempts.The essence of it is that the user is not able to log in for a specific amount of time after unsuccessful login attempts.
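Review bot: the new heading reads "The OAuth2 Identity Service" while the anchor it links to is `#oauth2-identity-provider` and the preceding section, visible in the context line, calls the LDAP counterpart an "Identity Provider"; use one term, "The OAuth2 Identity Provider", so the heading, the link text and the existing section naming agree. A one-sentence summary of what the provider does before the link would also keep this page useful on its own rather than a bare cross-reference.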
4 changes: 4 additions & 0 deletions content/user-guide/security.md
@@ -167,6 +167,10 @@ To prevent this:
4. Don't allow to reuse an id of a deleted user.


## Spring Security OAuth2

See the Spring Security OAuth2 Integration's [Security Recommendations]({{< ref "/user-guide/spring-boot-integration/spring-security.md#security-recommendations" >}}) documentation.

## Deployments

[Deployments]({{< ref "/user-guide/process-engine/deployments.md" >}}) to the process engine can contain resources that are interpreted like code:
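Review bot: the added section is only a cross-reference; on a page whose purpose is to list security recommendations, the key OAuth2 recommendations should be stated here in one or two sentences (the details can still link out), otherwise someone reviewing this page for hardening guidance has no way to know what the linked section asks of them without leaving the page.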
36 changes: 36 additions & 0 deletions content/user-guide/spring-boot-integration/configuration.md
@@ -823,6 +823,42 @@ When setting to <code>/</code>, the legacy behavior of Camunda Spring Boot Start
<td>-</td>
</tr>

<tr>
<td colspan="4">
<b>OAuth2</b>
</td>
</tr>
<tr>
<td rowspan="3"><code>camunda.bpm.oauth2.identity-provider</code></td>
<td><code>.enabled</code></td>
<td>Enables the OAuth2 identity provider.</td>
<td><code>true</code></td>
</tr>
<tr>
<td><code>.group-name-attribute</code></td>
<td>Enables and configures the OAuth2 Granted Authorities Mapper.</td>
<td>-</td>
</tr>
<tr>
<td><code>.group-name-delimiter</code></td>
<td>
Configures the delimiter used in the OAuth2 Granted Authorities Mapper.
It's only used if the configured <code>group-name-attribute</code> contains <code>String</code> value.
</td>
<td><code>,</code> (comma)</td>
</tr>
<tr>
<td rowspan="2"><code>camunda.bpm.oauth2.sso-logout</code></td>
<td><code>.enabled</code></td>
<td>Activates the client initiated OIDC logout feature.</td>
<td><code>false</code></td>
</tr>
<tr>
<td><code>.post-logout-redirect-uri</code></td>
<td>Configures the URI the user is redirected after SSO logout from the provider.</td>
<td><code>{baseUrl}</code></td>
</tr>

</table>
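Review bot: the `.group-name-attribute` description ("Enables and configures the OAuth2 Granted Authorities Mapper") says which component the property turns on but not what its value is; state that it names the user attribute (claim) whose value or values are mapped to Camunda group names, and say explicitly whether leaving it unset (the default shown as `-`) leaves the mapper disabled, since that is what a reader needs in order to choose a value. Two wording fixes: in `.group-name-delimiter`, "contains <code>String</code> value" should read "contains a <code>String</code> value"; in `.post-logout-redirect-uri`, "the URI the user is redirected after SSO logout" should read "the URI the user is redirected to after SSO logout". It is also worth adding that any value other than the default `{baseUrl}` must be registered with the identity provider, because OpenID Connect RP-Initiated Logout only honours pre-registered `post_logout_redirect_uri` values; otherwise a custom URI fails at the provider after the local session is already gone.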

