Setup and configuration guide for the CAS microservice (authorization-system) that manages workspace permissions, user access control, and ACL rules in FlowX 5.0
create-default-workspace: true
: Required for upgrades to migrate existing projects to default workspace
default-org-admin-username: admin@flowx.ai
: Bootstrap first organization admin from Keycloak
default-org-admin-user-subject-id
: Leave empty - fallback method if username approach fails
default-test-usernames
: Optional - for creating test users during development
spice-db-host
: Inherited from ${flowx.lib.cas-client.spicedb.host}
spice-db-port
: Inherited from ${flowx.lib.cas-client.spicedb.port}
spice-db-token
: Inherited from ${flowx.lib.cas-client.spicedb.token}
openid-realm-name
: Inherited from existing FlowX security configuration
openid-base-server-url
: Inherited from existing FlowX security configuration
openid-admin-client-id
: Inherited from existing FlowX security configuration
openid-admin-client-secret
: Inherited from existing FlowX security configuration
Primary Method (Recommended)
SPRING_LIQUIBASE_PARAMETERS_DEFAULTORGADMINUSERNAME (default: admin@flowx.ai)
Process:
sub_id (subject ID) to CAS database
Fallback Method
SPRING_LIQUIBASE_PARAMETERS_DEFAULTORGADMINUSERSUBJECTID with a specific Keycloak subject ID
Process:
Error Handling
{microservice}-cas.yml configuration file that defines connectivity to both authorization-system and SpiceDB through the CAS client library.
{microservice}-cas.yml):
spicedb.host
: SpiceDB service hostname
spicedb.port
: SpiceDB gRPC port (typically 50051)
spicedb.token
: Authentication token for SpiceDB access
authorization-system.base-url
: authorization-system service REST endpoint
web-client.response-timeout
: HTTP response timeout in seconds
web-client.connection-timeout
: HTTP connection timeout in seconds
web-client.max-in-memory-size
: Maximum memory buffer size for HTTP responses
org_admin)
all_users_[workspace_name]
Organization Permissions
Workspace Permissions
Project/Library Permissions
Deploy authorization-system Infrastructure
Automatic Default Workspace Creation
data-sync Migration Process
Update Service Configurations
Validate Migration
Database Migration Errors
SPRING_LIQUIBASE_PARAMETERS_CREATE_DEFAULT_WORKSPACE=true is properly set
User Authentication Problems
Service Communication Errors