Skip to main content
Version: 8.4

Authentication

Tasklist provides two ways to authenticate:

  1. User information stored in Elasticsearch
  2. Identity Authentication and Authorization

By default, user storage in Elasticsearch is enabled.

note

User restrictions are not supported when using Elasticsearch for user storage. If you want to use user restrictions, Identity is required.

In this mode, the user authenticates with a username and password stored in Elasticsearch.

The userId, password, and roles for one user may be set in application.yml:

camunda.tasklist:
userId: aUser
password: aPassword
displayName: aDisplayName
roles:
- OWNER
- OPERATOR

On Tasklist startup, the user is created if they did not exist before.

By default, three users are created:

  • Role OWNER with userId/displayName/password demo/demo/demo. To change userId, password, displayName or role for user demo use the above configuration.

  • Role USER with userId/displayName/password view/view/view. To change userId, displayName or password for this user the below configuration can be used:

camunda.tasklist:
readerUserId: aUser
readerPassword: aPassword
readerDisplayName: aDisplayName
  • Role OPERATOR with userId/displayName/password act/act/act/. To change userId, displayName or password for this user the below configuration can be used:
camunda.tasklist:
operatorUserId: aUser
operatorPassword: aPassword
operatorDisplayName: aDisplayName

More users can be added directly to Elasticsearch, to the index tasklist-user-<version>_. The password must be encoded with a strong BCrypt hashing function.