Dependencies
Before setting up the plugin, ensure you have the following dependencies:- A MongoDB database for task storage
- A connection to the RuntimeDB for operational data
- Access to the database used by the FlowX Engine
- Connection to the Kafka instance used by the FlowX Engine
- A Redis instance for caching and performance optimization
Authorization configuration & access roles
The Task Management plugin validates incoming tokens with the JWT public key mechanism and authenticates to other FlowX services with a dedicated service account (themainIdentity client registration) in the service-accounts realm:
Starting with 5.9.0, the Task Management plugin no longer connects to the identity provider for user lookup. Task operations resolve users through FlowX runtime authorization instead. The previously required
view-users, query-users, and query-groups realm-management roles on the service account, the OPENID_PROVIDER / OPENID_ENTRA_* settings, and the openid: Helm values block are obsolete and can be removed from your deployment.Task Management Service Account
FlowX Engine datasource configuration
The service needs access to process instance data from the engine database. Configure these connection parameters:MongoDB configuration
Configure access to the primary MongoDB instance:Task Manager requires a runtime connection to function correctly. Starting the service without a configured and active runtime MongoDB connection is not supported.
Runtime MongoDB configuration
Task Manager requires a runtime connection to function correctly. Starting the service without a configured and active runtime MongoDB connection is not supported.
Redis configuration
Task Management Plugin uses Redis for caching. Configure Redis connection using the standard Redis environment variables. Quick reference:Both
SPRING_DATA_REDIS_* and SPRING_REDIS_* variable prefixes are supported. The SPRING_DATA_REDIS_* prefix is the modern Spring Boot standard and is recommended for new deployments.For advanced Redis deployment modes (Sentinel, Cluster) and SSL/TLS setup, see the Redis Configuration guide. Note that Sentinel and Cluster modes are only supported by the Events Gateway service.
Kafka configuration
Configure the Kafka integration using these environment variables:Core Kafka settings
OAuth authentication (when using SASL_PLAINTEXT)
When using the
kafka-auth profile, the security protocol will automatically be set to SASL_PLAINTEXT and the SASL mechanism will be set to OAUTHBEARER.Topic naming configuration
Kafka topics
Process management topics
Scheduling topics
User management topics
Task operations topics
Events and integration topics
The Engine listens for messages on topics with specific naming patterns. Ensure you use the correct outgoing topic names when configuring the Task Management plugin to maintain proper communication with the engine.
CAS lib configuration
Logging configuration
Control logging verbosity with these environment variables:Ingress and CORS
The Task Management plugin is exposed on both the admin and public hosts. Routing is configured through the FlowX Helm chart, which renders either a Kubernetes Ingress (default) or a Gateway API HTTPRoute per service. CORS handling lives in the service code; only the allowed-origins list is deployment-specific.Service routes
Paths are set through
services.task-management-plugin.ingress.admin.path / services.task-management-plugin.ingress.public.path (or the corresponding gateway.<key>.paths) in the chart values.
CORS configuration
Allowed methods, allowed headers (including
Authorization, Content-Type, Fx-Workspace-Id), and credential handling are baked into the serviceโs application.yaml with safe defaults. Override these only if you have a non-standard requirement.
For the complete route reference, Gateway API HTTPRoute configuration, and route customization, see the ingress configuration guide.

