...
Parameter | Description | Default Value | |||||
---|---|---|---|---|---|---|---|
bpm | Section of parameters defining BPM-internal settings. | - | |||||
engine | Section of parameters related to the BPM-ENGINE service. | - | |||||
app | Section of parameters. | - | |||||
global-tenant | Specifies the master Flowable tenant which has access to all other tenants. As of version 2021 Autumn: If access to all tenants should be enabled also via BPM-ADMIN-UI, the same tenant has to be set for the parameter | 'master' | |||||
admin-access-role | Specifies the role granting the permission to access all tenants. Users with the specified role furthermore have admin rights for processes and are thus able to manage all processes (not only their own ones, as it is the case for "normal" users). As of version 2021 Autumn: If access to all tenants should be enabled also via BPM-ADMIN-UI, the same role has to be included in the list defined for the parameter | 'YUUVIS_TENANT_ADMIN' | |||||
idm | Section of parameters for the connection of an identity provider. | ||||||
keycloak | Section of parameters only required if Keycloak is used as identity provider. | ||||||
enabled | Boolean value that specifies if BPM Engine connects to Keycloak/KEYCLOAK-PROXY Service ( If | true | |||||
server | URL of the Keycloak server that should be used for authentication. | ||||||
admin | Section of parameters specifying the access credentials for the technical user account used by the BPM-ENGINE service in order to authenticate in Keycloak. | n/a | |||||
username | Username for technical user account. | ||||||
password | Password for technical user account. | ||||||
custom | Section of parameters only required if Keycloak is not used as identity provider. | ||||||
enabled | Boolean value that specifies if BPM Engine connects to Keycloak/KEYCLOAK-PROXY Service ( If | false | |||||
base-url | URL to the identity provider or to the idm-controller of the TENANT-MANAGEMENT Service. | 'http://tenant-management/api/idm' |
Up to version 2022 Summer, BPM Engine has to be configured as follows. Especially, the conversion of the Keycloak roles into Flowable groups can be customized via the keycloak.idm.groups.role-filter
parameter.
...
Contains a regular expression that filters the roles from Keycloak such that only those Keycloak roles that match the condition are visible to the BPM-ENGINE service.
Example: With the filter ^(YUUVIS)(.*)
only roles with names starting with YUUVIS
will be visible to the BPM-ENGINE service.
...