Tasklist provides two ways for authentication:
- Authenticate with user information stored in Elasticsearch
- Authenticate via Auth0 Single Sign-On provider
By default user storage in Elasticsearch is enabled.
In this mode the user authenticates with username and password, that are stored in Elasticsearch. username and password for one user may be set in application.yml:
On Tasklist startup the user will be created if not existed before.
By default one user with username/password
demo will be created.
More users can be added directly to Elasticsearch, to the index
tasklist-user-<version>_. Password must be encoded with BCrypt strong hashing function.
Currently Tasklist supports Auth0.com implementation of Single Sign-On.
Single Sign-On may be enabled only by setting Spring profile:
Example for setting spring profile as environmental variable:
Single Sign-On needs following parameters (all are mandatory):
|zeebe.tasklist.auth0.domain||Defines the domain which the user sees|
|zeebe.tasklist.auth0.backendDomain||Defines the domain which provides user information|
|zeebe.tasklist.auth0.clientId||It's like an user name for the application|
|zeebe.tasklist.auth0.clientSecret||It's like a password for the application|
|zeebe.tasklist.auth0.claimName||The claim that will be checked by Tasklist. It's like a permission name|
|zeebe.tasklist.auth0.organization||The given organization should be contained in value of claim name|
Example for setting parameters as environment variables: