diff --git a/versioned_docs/version-8.4/self-managed/identity/deployment/configuration-variables.md b/versioned_docs/version-8.4/self-managed/identity/deployment/configuration-variables.md index 3853d24777b..ca71087b693 100644 --- a/versioned_docs/version-8.4/self-managed/identity/deployment/configuration-variables.md +++ b/versioned_docs/version-8.4/self-managed/identity/deployment/configuration-variables.md @@ -27,6 +27,21 @@ As a Spring Boot application, Identity supports any standard | `KEYCLOAK_SETUP_CLIENT_ID` | The client to use for authentication during setup of the provided Keycloak. | admin-cli | | `KEYCLOAK_URL` | The URL of the Keycloak instance to use. | http://localhost:18080/auth | +## Camunda Identity SDK configuration + +Below, find the names and values for the Identity SDK to ensure proper authentication and authorization with Identity and the Identity provider for all components. + +| Environment variable | Property | Description | Default value | +| ----------------------------------- | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------- | +| `CAMUNDA_IDENTITY_ISSUERBACKENDURL` | `camunda.identity.issuerBackendUrl` | The back-channel URL to the Identity provider, used for token verification. | - | +| `CAMUNDA_IDENTITY_AUDIENCE` | `camunda.identity.audience` | The required audience of the auth token. | - | +| `CAMUNDA_IDENTITY_TYPE` | `camunda.identity.type` | Define what kind of authentication type you will use (`KEYCLOAK`, `MICROSOFT`, `GENERIC`). | `KEYCLOAK` | +| `CAMUNDA_IDENTITY_BASEURL` | `camunda.identity.baseUrl` | The base URL of the Camunda Identity instance. | - | +| `CAMUNDA_IDENTITY_ISSUER` | `camunda.identity.issuer` | The front-channel URL to the Identity provider, used for login redirect and fetching refresh tokens. | - | +| `CAMUNDA_IDENTITY_JWKS_URL` | `camunda.identity.jwksUrl` | Defines the JWKS URL, which is used by the services to validate the JWT tokens. If nothing is set, it will use the WellKnownEndpoint. | - | +| `CAMUNDA_IDENTITY_CLIENT_ID` | `camunda.identity.clientId` | Defines the client ID, which is used by Zeebe in authentication flows. | - | +| `CAMUNDA_IDENTITY_CLIENT_SECRET` | `camunda.identity.clientSecret` | The client secret for the Identity client. | - | + ### Component configuration Identity supports component configuration using preset values. To configure a diff --git a/versioned_docs/version-8.4/self-managed/zeebe-deployment/configuration/gateway.md b/versioned_docs/version-8.4/self-managed/zeebe-deployment/configuration/gateway.md index 2b9743259ef..ba862dc91ad 100644 --- a/versioned_docs/version-8.4/self-managed/zeebe-deployment/configuration/gateway.md +++ b/versioned_docs/version-8.4/self-managed/zeebe-deployment/configuration/gateway.md @@ -174,7 +174,7 @@ security: :::note The Zeebe configuration properties for Camunda Identity are deprecated as of version `8.4.0`. Use the dedicated -Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#core-configuration). +Camunda Identity properties or the [corresponding SDK environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-sdk-configuration). ::: | Field | Description | Example value | diff --git a/versioned_docs/version-8.5/self-managed/identity/deployment/configuration-variables.md b/versioned_docs/version-8.5/self-managed/identity/deployment/configuration-variables.md index 2cb55c61c38..6553efdd10e 100644 --- a/versioned_docs/version-8.5/self-managed/identity/deployment/configuration-variables.md +++ b/versioned_docs/version-8.5/self-managed/identity/deployment/configuration-variables.md @@ -27,6 +27,22 @@ As a Spring Boot application, Identity supports any standard | `KEYCLOAK_SETUP_CLIENT_ID` | The client to use for authentication during setup of the provided Keycloak. | admin-cli | | `KEYCLOAK_URL` | The URL of the Keycloak instance to use. | http://localhost:18080/auth | +## Camunda Identity SDK configuration + +Below, find the names and values for the Identity SDK to ensure proper authentication and authorization with Identity and the Identity provider for all components. + +| Environment variable | Property | Description | Default value | +| ----------------------------------- | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | +| `CAMUNDA_IDENTITY_ISSUERBACKENDURL` | `camunda.identity.issuerBackendUrl` | The back-channel URL to the Identity provider, used for token verification. | - | +| `CAMUNDA_IDENTITY_AUDIENCE` | `camunda.identity.audience` | The required audience of the auth token. | - | +| `CAMUNDA_IDENTITY_TYPE` | `camunda.identity.type` | Define what kind of authentication type you will use (`KEYCLOAK`, `MICROSOFT`, `GENERIC`). | `KEYCLOAK` | +| `CAMUNDA_IDENTITY_BASEURL` | `camunda.identity.baseUrl` | The base URL of the Camunda Identity instance. | - | +| `CAMUNDA_IDENTITY_ISSUER` | `camunda.identity.issuer` | The front-channel URL to the Identity provider, used for login redirect and fetching refresh tokens. | - | +| `CAMUNDA_IDENTITY_JWKS_URL` | `camunda.identity.jwksUrl` | Defines the JWKS URL, which is used by the services to validate the JWT tokens. If nothing is set, it will use the WellKnownEndpoint. | - | +| `CAMUNDA_IDENTITY_CLIENT_ID` | `camunda.identity.clientId` | Defines the client ID, which is used by Zeebe in authentication flows. | - | +| `CAMUNDA_IDENTITY_CLIENT_SECRET` | `camunda.identity.clientSecret` | The client secret for the Identity client. | - | +| `CAMUNDA_IDENTITY_AUTH_SCOPES` | `camunda.identity.authScopes` | defines the scopes that should be applied to the token, provided as list separated by spaces | `openid email offline_access` | + ## OIDC configuration | Evnironment variable | Description | Default value | diff --git a/versioned_docs/version-8.5/self-managed/zeebe-deployment/configuration/gateway.md b/versioned_docs/version-8.5/self-managed/zeebe-deployment/configuration/gateway.md index 1a10beaa943..d42fdb63785 100644 --- a/versioned_docs/version-8.5/self-managed/zeebe-deployment/configuration/gateway.md +++ b/versioned_docs/version-8.5/self-managed/zeebe-deployment/configuration/gateway.md @@ -251,7 +251,7 @@ security: :::note The Zeebe configuration properties for Camunda Identity are deprecated as of version `8.4.0`. Use the dedicated -Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#core-configuration). +Camunda Identity properties or the [corresponding SDK environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-sdk-configuration). ::: | Field | Description | Example value | diff --git a/versioned_docs/version-8.6/self-managed/identity/deployment/configuration-variables.md b/versioned_docs/version-8.6/self-managed/identity/deployment/configuration-variables.md index 09066025e1f..13df99f8c3e 100644 --- a/versioned_docs/version-8.6/self-managed/identity/deployment/configuration-variables.md +++ b/versioned_docs/version-8.6/self-managed/identity/deployment/configuration-variables.md @@ -27,6 +27,22 @@ As a Spring Boot application, Identity supports any standard | `KEYCLOAK_SETUP_CLIENT_ID` | The client to use for authentication during setup of the provided Keycloak. | admin-cli | | `KEYCLOAK_URL` | The URL of the Keycloak instance to use. | http://localhost:18080/auth | +## Camunda Identity SDK configuration + +Below, find the names and values for the Identity SDK to ensure proper authentication and authorization with Identity and the Identity provider for all components. + +| Environment variable | Property | Description | Default value | +| ----------------------------------- | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | +| `CAMUNDA_IDENTITY_ISSUERBACKENDURL` | `camunda.identity.issuerBackendUrl` | The back-channel URL to the Identity provider, used for token verification. | - | +| `CAMUNDA_IDENTITY_AUDIENCE` | `camunda.identity.audience` | The required audience of the auth token. | - | +| `CAMUNDA_IDENTITY_TYPE` | `camunda.identity.type` | Define what kind of authentication type you will use (`KEYCLOAK`, `MICROSOFT`, `GENERIC`). | `KEYCLOAK` | +| `CAMUNDA_IDENTITY_BASEURL` | `camunda.identity.baseUrl` | The base URL of the Camunda Identity instance. | - | +| `CAMUNDA_IDENTITY_ISSUER` | `camunda.identity.issuer` | The front-channel URL to the Identity provider, used for login redirect and fetching refresh tokens. | - | +| `CAMUNDA_IDENTITY_JWKS_URL` | `camunda.identity.jwksUrl` | Defines the JWKS URL, which is used by the services to validate the JWT tokens. If nothing is set, it will use the WellKnownEndpoint. | - | +| `CAMUNDA_IDENTITY_CLIENT_ID` | `camunda.identity.clientId` | Defines the client ID, which is used by Zeebe in authentication flows. | - | +| `CAMUNDA_IDENTITY_CLIENT_SECRET` | `camunda.identity.clientSecret` | The client secret for the Identity client. | - | +| `CAMUNDA_IDENTITY_AUTH_SCOPES` | `camunda.identity.authScopes` | defines the scopes that should be applied to the token, provided as list separated by spaces | `openid email offline_access` | + ## License configuration import Licensing from '../../../self-managed/react-components/licensing.md' diff --git a/versioned_docs/version-8.6/self-managed/zeebe-deployment/configuration/gateway.md b/versioned_docs/version-8.6/self-managed/zeebe-deployment/configuration/gateway.md index da711b4b109..ff1bdb6069d 100644 --- a/versioned_docs/version-8.6/self-managed/zeebe-deployment/configuration/gateway.md +++ b/versioned_docs/version-8.6/self-managed/zeebe-deployment/configuration/gateway.md @@ -251,7 +251,7 @@ security: :::note The Zeebe configuration properties for Camunda Identity are deprecated as of version `8.4.0`. Use the dedicated -Camunda Identity properties or the [corresponding environment variables](../../identity/deployment/configuration-variables.md#core-configuration). +Camunda Identity properties or the [corresponding SDK environment variables](../../identity/deployment/configuration-variables.md#camunda-identity-sdk-configuration). ::: | Field | Description | Example value |