Authentication

Introduction

Tasklist provides two ways for authentication:

  1. Authenticate with user information stored in Elasticsearch
  2. Authenticate via Auth0 Single Sign-On provider

By default user storage in Elasticsearch is enabled.

User in Elasticsearch

In this mode the user authenticates with username and password, that are stored in Elasticsearch. username and password for one user may be set in application.yml:

zeebe.tasklist:
  username: anUser
  password: aPassword

On Tasklist startup the user will be created if not existed before.

By default one user with username/password demo/demo will be created.

More users can be added directly to Elasticsearch, to the index tasklist-user-<version>_. Password must be encoded with BCrypt strong hashing function.

Auth0 Single Sign-On

Currently Tasklist supports Auth0.com implementation of Single Sign-On.

Enable Single Sign-On

Single Sign-On may be enabled only by setting Spring profile: sso-auth

Example for setting spring profile as environmental variable:

export SPRING_PROFILES_ACTIVE=sso-auth

Configure Single Sign-On

Single Sign-On needs following parameters (all are mandatory):

ParameternameDescription
zeebe.tasklist.auth0.domainDefines the domain which the user sees
zeebe.tasklist.auth0.backendDomainDefines the domain which provides user information
zeebe.tasklist.auth0.clientIdIt's like an user name for the application
zeebe.tasklist.auth0.clientSecretIt's like a password for the application
zeebe.tasklist.auth0.claimNameThe claim that will be checked by Tasklist. It's like a permission name
zeebe.tasklist.auth0.organizationThe given organization should be contained in value of claim name

Example for setting parameters as environment variables:

export ZEEBE_TASKLIST_AUTH0_DOMAIN=A_DOMAIN
export ZEEBE_TASKLIST_AUTH0_BACKENDDOMAIN=A_BACKEND_DDOMAIN
export ZEEBE_TASKLIST_AUTH0_CLIENTID=A_CLIENT_ID
export ZEEBE_TASKLIST_AUTH0_CLIENTSECRET=A_SECRET
export ZEEBE_TASKLIST_AUTH0_CLAIMNAME=A_CLAIM
export ZEEBE_TASKLIST_AUTH0_ORGANIZATION=AN_ORGANIZATION