Identity
note
Web Modeler Self-Managed is available to enterprise customers only.
Configuring secure connections to Identity
By default, communication between Web Modeler and Identity is not encrypted, as it usually happens backend-to-backend within the same Docker network or Kubernetes cluster. However, you can enable TLS-encrypted communication by following the steps below (for example, if backend-to-backend communication is not possible in a custom Camunda 8 installation setup).
Configure the Identity base URL
Provide a URL that starts with https:// (e.g. https://identity.example.com) as the base URL of the Identity instance:
- For the
modeler-webappcontainer, provide the URL via the environment variableIDENTITY_BASE_URL. - For the
modeler-restapicontainer, provide the URL via the environment variableRESTAPI_IDENTITY_BASE_URL.
(Optional) Provide a custom certificate
If you are using a custom (self-signed) TLS certificate for Identity, you need to make Web Modeler accept the certificate:
- For the
modeler-webappcontainer, provide the path to the certificate file via the environment variableNODE_EXTRA_CA_CERTS(make sure that the provided path is accessible from the container, e.g. via a mounted volume):NODE_EXTRA_CA_CERTS=/path/to/certificate.crt - For the
modeler-restapicontainer:- Add the certificate to a custom Java trust store (using the
keytoolutility). - Configure the trust store as described in the Zeebe connection troubleshooting guide.
- Add the certificate to a custom Java trust store (using the