Versions Compared

Old Version 2

changes.mady.by.user Technische Redaktion

Saved on

compared with

New Version Current

changes.mady.by.user Technische Redaktion

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ParameterDescriptionDefault Value
bpmSection of parameters defining BPM-internal settings.-

engineSection of parameters related to the BPM-ENGINE service.-

appSection of parameters.-

global-tenant

Specifies the master Flowable tenant which has access to all other tenants.

As of version 2021 Autumn: If access to all tenants should be enabled also via BPM-ADMIN-UI, the same tenant has to be set for the parameter bpm.admin.app.default-user-authentication.user.tenant.

'master'
admin-access-role

Specifies the role granting the permission to access all tenants.

Users with the specified role furthermore have admin rights for processes and are thus able to manage all processes (not only their own ones, as it is the case for "normal" users).

As of version 2021 Autumn: If access to all tenants should be enabled also via BPM-ADMIN-UI, the same role has to be included in the list defined for the parameter bpm.admin.app.default-user-authentication.user.privileges.

'YUUVIS_TENANT_ADMIN'
idm

Section of parameters for the connection of an identity provider.



keycloak

Section of parameters only required if Keycloak is used as identity provider.



enabled

Boolean value that specifies if BPM Engine connects to Keycloak/KEYCLOAK-PROXY Service (true) or to a different identity provider (false).

If true, the parameter bpm.engine.idm.custom.enabled must be false.

true
serverURL of the Keycloak server that should be used for authentication.
adminSection of parameters specifying the access credentials for the technical user account used by the BPM-ENGINE service in order to authenticate in Keycloak.n/a

usernameUsername for technical user account.
passwordPassword for technical user account.
customSection of parameters only required if Keycloak is not used as identity provider.

enabled

Boolean value that specifies if BPM Engine connects to Keycloak/KEYCLOAK-PROXY Service (false) or to a different identity provider (true).

If true, the parameter bpm.engine.idm.keycloak.enabled must be false.

false
base-url

URL to the identity provider or to the idm-controller of the TENANT-MANAGEMENT Service.

'http://tenant-management/api/idm'

As of product version 2022 Autumn: If you use Microsoft SQL Server as database for the BPM-ENGINE service, the corresponding JDBC driver requires an SSL connection. For a connection without SSL, append encrypt=false to the connection string in your configuration:

Expand
titleOption 1: Set environment variable

You can change the BPM-ENGINE service configuration via environment variable in the deployment, e.g.:

Code Block
- name: SPRING_DATASOURCE_URL
  value: jdbc:sqlserver://sqlserver2019-mssql-latest.sqlserver2019:1433;databaseName=erebus;encrypt=false



Expand
titleOption 2: Use YML configuration file and profile

  • Create an application-bpmdb.yml configuration file with following parameter:

    Code Block
    spring.datasource.url: 'jdbc:sqlserver://${db.host:localhost}:${db.port:1433};databaseName=${db.name:yuuvis};encrypt=false'


  • Start the BPM-ENGINE service with the additional bpmdb profile:

    Code Block
    - name: SPRING_PROFILES_ACTIVE
  value: bpmdb,swagger


Up to version 2022 Summer, BPM Engine has to be configured as follows. Especially, the conversion of the Keycloak roles into Flowable groups can be customized via the keycloak.idm.groups.role-filter parameter.

...