authenticationamazon-cognitokeycloakdroolsjbpm

Authenticate JBPM using AWS Cognito


I need to authenticate users into JBPM through AWS Cognito, There is a Login-Client-JavaScript-SDK, by which a user can log in with their username and password, so the problem is, how to integrate this with JBPM, JBPM has its own UI for login.

I have seen that it is possible to connect JBPM to any AD for authentication. But, is there any way to redirect the user onto the Cognito login from JBPM, and after successful login redirect that to JBPM, for logout too, it should log out in Cognito and come back to the JBPM login page again.

JBPM also provides integration with Keycloak for SSO, can we do it using that? any example/blog would suffice.


Solution

  • We got this solved using Keycloak as a broker, There are Keycloak OIDC adapters for JBPM, with the help of that, JBPM can integrate with Keycloak. So when user hits JBPM, JBPM asks Keycloak to authenticate, Keycloak has Cognito added as an OIDC Identity provider, and hence keycloak redirects to cognito for authentication, cognito authenticates the user and redirects to keycloak, keycloak redirects the user back to JBPM.

    Please refer the image..

    enter image description here