feat: support keycloakTokenUrl for Self-Managed

(cherry picked from commit 7e98147)
camunda-community-hub · Jan 2, 2024 · 56af414 · 56af414
1 parent 4e529ca
commit 56af414
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 4 deletions.
diff --git a/...-sdk-java/java-common/src/main/java/io/camunda/common/auth/SelfManagedAuthentication.java b/...-sdk-java/java-common/src/main/java/io/camunda/common/auth/SelfManagedAuthentication.java
@@ -29,6 +29,7 @@ public class SelfManagedAuthentication extends JwtAuthentication {
   // TODO: Check with Identity about upcoming IDPs to abstract this
   private String keycloakRealm = "camunda-platform";
   private String keycloakUrl;
+  private String keycloakTokenUrl;
   private JwtConfig jwtConfig;
   private Map<Product, String> tokens;
 
@@ -51,13 +52,21 @@ public void setKeycloakUrl(String keycloakUrl) {
     this.keycloakUrl = keycloakUrl;
   }
 
+  public void setKeycloakTokenUrl(String keycloakTokenUrl) {
+    this.keycloakTokenUrl = keycloakTokenUrl;
+  }
+
   public void setJwtConfig(JwtConfig jwtConfig) {
     this.jwtConfig = jwtConfig;
   }
 
   @Override
   public Authentication build() {
-    authUrl = keycloakUrl+"/auth/realms/"+keycloakRealm+"/protocol/openid-connect/token";
+    if (keycloakTokenUrl != null) {
+      authUrl = keycloakTokenUrl;
+    } else {
+      authUrl = keycloakUrl+"/auth/realms/"+keycloakRealm+"/protocol/openid-connect/token";
+    }
     return this;
   }
 

diff --git a/...va/java-common/src/main/java/io/camunda/common/auth/SelfManagedAuthenticationBuilder.java b/...va/java-common/src/main/java/io/camunda/common/auth/SelfManagedAuthenticationBuilder.java
@@ -25,6 +25,13 @@ public SelfManagedAuthenticationBuilder keycloakRealm(String keycloakRealm) {
     return this;
   }
 
+  public SelfManagedAuthenticationBuilder keycloakTokenUrl(String keycloakTokenUrl) {
+    if (keycloakTokenUrl != null) {
+      selfManagedAuthentication.setKeycloakTokenUrl(keycloakTokenUrl);
+    }
+    return this;
+  }
+
   public Authentication build() {
     return selfManagedAuthentication.build();
   }

diff --git a/...src/main/java/io/camunda/zeebe/spring/client/configuration/CommonClientConfiguration.java b/...src/main/java/io/camunda/zeebe/spring/client/configuration/CommonClientConfiguration.java
@@ -50,7 +50,12 @@ public Authentication authentication() {
               .keycloakUrl(operateClientConfigurationProperties.getKeycloakUrl())
               .keycloakRealm(operateClientConfigurationProperties.getKeycloakRealm())
               .build();
-          } else if (operateClientConfigurationProperties.getUsername() != null && operateClientConfigurationProperties.getPassword() != null) {
+          } else if (operateClientConfigurationProperties.getKeycloakTokenUrl() != null)  {
+            return SelfManagedAuthentication.builder()
+              .jwtConfig(configureJwtConfig())
+              .keycloakTokenUrl(operateClientConfigurationProperties.getKeycloakTokenUrl())
+              .build();
+          }  else if (operateClientConfigurationProperties.getUsername() != null && operateClientConfigurationProperties.getPassword() != null) {
             SimpleConfig simpleConfig = new SimpleConfig();
             SimpleCredential simpleCredential = new SimpleCredential(operateClientConfigurationProperties.getUsername(), operateClientConfigurationProperties.getPassword());
             simpleConfig.addProduct(Product.OPERATE, simpleCredential);
@@ -68,6 +73,11 @@ public Authentication authentication() {
               .keycloakUrl(commonConfigurationProperties.getKeycloak().getUrl())
               .keycloakRealm(commonConfigurationProperties.getKeycloak().getRealm())
               .build();
+          } else if (commonConfigurationProperties.getKeycloak().getTokenUrl() != null) {
+            return SelfManagedAuthentication.builder()
+              .jwtConfig(configureJwtConfig())
+              .keycloakTokenUrl(commonConfigurationProperties.getKeycloak().getTokenUrl())
+              .build();
           } else if (commonConfigurationProperties.getUsername() != null && commonConfigurationProperties.getPassword() != null) {
             SimpleConfig simpleConfig = new SimpleConfig();
             SimpleCredential simpleCredential = new SimpleCredential(commonConfigurationProperties.getUsername(), commonConfigurationProperties.getPassword());
@@ -125,8 +135,8 @@ private JwtConfig configureJwtConfig() {
         jwtConfig.addProduct(Product.OPERATE, new JwtCredential(
           commonConfigurationProperties.getClientId(),
           commonConfigurationProperties.getClientSecret(),
-          operateAuthUrl,
-          operateAudience)
+          operateAudience,
+          operateAuthUrl)
         );
       } else if (zeebeClientConfigurationProperties.getCloud().getClientId() != null && zeebeClientConfigurationProperties.getCloud().getClientSecret() != null) {
         jwtConfig.addProduct(Product.OPERATE, new JwtCredential(zeebeClientConfigurationProperties.getCloud().getClientId(), zeebeClientConfigurationProperties.getCloud().getClientSecret(), operateAudience, operateAuthUrl));

diff --git a/...n/java/io/camunda/zeebe/spring/client/configuration/condition/OperateClientCondition.java b/...n/java/io/camunda/zeebe/spring/client/configuration/condition/OperateClientCondition.java
@@ -23,6 +23,9 @@ static class BaseUrlCondition { }
   @ConditionalOnProperty(name = "camunda.operate.client.keycloak-url")
   static class KeycloakUrlCondition { }
 
+  @ConditionalOnProperty(name = "camunda.operate.client.keycloak-token-url")
+  static class KeycloakTokenUrlCondition { }
+
   @ConditionalOnProperty(name = "camunda.operate.client.url")
   static class UrlCondition { }
 

diff --git a/.../java/io/camunda/zeebe/spring/client/properties/OperateClientConfigurationProperties.java b/.../java/io/camunda/zeebe/spring/client/properties/OperateClientConfigurationProperties.java
@@ -28,6 +28,8 @@ public class OperateClientConfigurationProperties {
   private String keycloakUrl;
   private String keycloakRealm = "camunda-platform";
 
+  private String keycloakTokenUrl;
+
   private String baseUrl;
 
   private String authUrl;
@@ -96,6 +98,14 @@ public void setKeycloakRealm(String keycloakRealm) {
     this.keycloakRealm = keycloakRealm;
   }
 
+  public String getKeycloakTokenUrl() {
+    return keycloakTokenUrl;
+  }
+
+  public void setKeycloakTokenUrl(String keycloakTokenUrl) {
+    this.keycloakTokenUrl = keycloakTokenUrl;
+  }
+
   public String getBaseUrl() {
     return baseUrl;
   }

diff --git a/...rter-camunda/src/main/java/io/camunda/zeebe/spring/client/properties/common/Keycloak.java b/...rter-camunda/src/main/java/io/camunda/zeebe/spring/client/properties/common/Keycloak.java
@@ -4,6 +4,7 @@ public class Keycloak {
 
   private String url;
   private String realm;
+  private String tokenUrl;
 
   public String getUrl() {
     return url;
@@ -20,4 +21,12 @@ public String getRealm() {
   public void setRealm(String realm) {
     this.realm = realm;
   }
+
+  public String getTokenUrl() {
+    return tokenUrl;
+  }
+
+  public void setTokenUrl(String tokenUrl) {
+    this.tokenUrl = tokenUrl;
+  }
 }