
Implement SSO in jBPM 6.2


Currently, we are evaluating jBPM 6.2 as a possible BPM suite. One very important criterion is Single Sign-on. I found out that jBPM uses container-managed authentication and authorization. In addition, I looked into the GitHub source code. But I could not figure out if it is possible to extend the KIE Workbench and the jBPM REST API with SSO functionalities (SAML or OpenID or something else).

Even the official jBPM documentation gives no information on this. Any hint is appreciated.

Best regards, Ben


Solution

  • We use the underlying container for authentication and therefore also for SSO. So configuring the workbench for SSO should be done the same way as configuring any other application for SSO. The dashbuilder app and the workbench are actually two separate webapps, already configured for SSO out-of-the-box. For example, for Wildfly, they share the same security domain (in META-INF/jboss-web.xml) and SSO is turned on in standalone(-full).xml (https://github.com/droolsjbpm/jbpm/blob/master/jbpm-installer/standalone-full-wildfly-8.1.0.Final.xml#L428).
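One way to verify the two conditions the answer describes (a shared security domain in each webapp's jboss-web.xml, and SSO enabled on the Undertow host in the standalone file) is the check below. It is an added example, not code from the jBPM project; the XML samples, the app names `workbench.war` and `dashbuilder.war`, and the domain name `other` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not copied from the jBPM installer); element names follow
# the WildFly 8 Undertow subsystem and the jboss-web.xml descriptor.
STANDALONE = """<server xmlns="urn:jboss:domain:2.1"><profile>
  <subsystem xmlns="urn:jboss:domain:undertow:1.1">
    <server name="default-server">
      <host name="default-host" alias="localhost">
        <single-sign-on path="/"/>
      </host>
    </server>
  </subsystem></profile></server>"""

JBOSS_WEB = {  # hypothetical webapp names mapped to their descriptor contents
    "workbench.war": "<jboss-web><security-domain>other</security-domain></jboss-web>",
    "dashbuilder.war": "<jboss-web><security-domain>other</security-domain></jboss-web>",
}

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def sso_hosts(standalone_xml):
    """Map each <host> name to True if it has a <single-sign-on> child."""
    root = ET.fromstring(standalone_xml)
    return {h.get("name"): any(local(c.tag) == "single-sign-on" for c in h)
            for h in root.iter() if local(h.tag) == "host"}

def security_domains(descriptors):
    """Map each webapp to its declared security domain (None if missing)."""
    out = {}
    for app, xml in descriptors.items():
        node = next((e for e in ET.fromstring(xml).iter()
                     if local(e.tag) == "security-domain"), None)
        out[app] = node.text.strip() if node is not None and node.text else None
    return out

def check_sso(standalone_xml, descriptors):
    """Return a list of problems; an empty list means both conditions hold."""
    hosts = sso_hosts(standalone_xml)
    problems = [f"host {h!r} has no <single-sign-on>"
                for h, enabled in hosts.items() if not enabled]
    if not hosts:
        problems.append("no <host> element found")
    domains = security_domains(descriptors)
    if None in domains.values() or len(set(domains.values())) != 1:
        problems.append(f"webapps do not share one security domain: {domains}")
    return problems

if __name__ == "__main__":
    print(check_sso(STANDALONE, JBOSS_WEB) or "SSO prerequisites met")
```
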