Versions Compared

Old Version 11

changes.mady.by.user Technische Redaktion

Saved on

compared with

New Version Current

changes.mady.by.user Technische Redaktion

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ParameterDescriptionDefault Value
bpmSection of parameters defining BPM-internal settings.-

engineSection of parameters related to the BPM-ENGINE service.-

appSection of parameters.-

global-tenant

Specifies the master Flowable tenant which has access to all other tenants.

As of version 2021 Autumn: If access to all tenants should be enabled also via BPM-ADMIN-UI, the same tenant has to be set for the parameter bpm.admin.app.default-user-authentication.user.tenant.

'master'
admin-access-role

Specifies the role granting the permission to access all tenants.

Users with the specified role furthermore have admin rights for processes and are thus able to manage all processes (not only their own ones, as it is the case for "normal" users).

As of version 2021 Autumn: If access to all tenants should be enabled also via BPM-ADMIN-UI, the same role has to be included in the list defined for the parameter bpm.admin.app.default-user-authentication.user.privileges.

'YUUVIS_TENANT_ADMIN'
idm

Section of parameters for the connection of an identity provider.



keycloak

Section of parameters only required if Keycloak is used as identity provider.



enabled

Boolean value that specifies if BPM Engine connects to Keycloak/KEYCLOAK-PROXY Service (true) or to a different identity provider (false).

If true, the parameter bpm.engine.idm.custom.enabled must be false.

true
serverURL of the Keycloak server that should be used for authentication.
adminSection of parameters specifying the access credentials for the technical user account used by the BPM-ENGINE service in order to authenticate in Keycloak.n/a

usernameUsername for technical user account.
passwordPassword for technical user account.
customSection of parameters only required if Keycloak is not used as identity provider.

enabled

Boolean value that specifies if BPM Engine connects to Keycloak/KEYCLOAK-PROXY Service (false) or to a different identity provider (true).

If true, the parameter bpm.engine.idm.keycloak.enabled must be false.

false
base-url

URL to the identity provider or to the idm-controller of the TENANT-MANAGEMENT Service.

'http://tenant-management/api/idm'

Up to version 2022 Summer, BPM Engine has to be configured as follows. Especially, the conversion of the Keycloak roles into Flowable groups can be customized via the keycloak.idm.groups.role-filter parameter.

...

Contains a regular expression that filters the roles from Keycloak such that only those Keycloak roles that match the condition are visible to the BPM-ENGINE service.

Example: With the filter ^(YUUVIS)(.*) only roles with names starting with YUUVIS will be visible to the BPM-ENGINE service.

...