> For the complete documentation index, see [llms.txt](https://docs.valtimo.nl/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.valtimo.nl/fundamentals/getting-started/modules/core/operaton-webapps.md). # Operaton ## Configuring Operaton webapps By default, Valtimo includes the Operaton webapps, including the [cockpit](https://docs.operaton.org/docs/documentation/webapps/cockpit/). This is accessible by using the path `/operaton/app/` on the domain where Valtimo is hosted. e.g. `http://example.valtimo.com/operaton/app/` ### Configuring an admin user The Operaton webapps use the default Operaton authentication mechanism. This means they cannot be accessed by keycloak users. Credentials can be configured in the default way Operaton provides when using Spring. In order to create an admin user the following application configuration should be set: ```yaml operaton.bpm.admin-user: id: admin # or another username of choice password: # enter a newly generated password here ``` Note: The id (username) is unique. If you want to change the password, you can do it via the Operaton web interface: Dashboard => Users => Account See the [Operaton documentation](https://docs.operaton.org/docs/documentation/user-guide/spring-boot-integration/configuration#operaton-engine-properties) for more configuration properties. ### Additional security The Operaton webapps are available in a separate path (`/operaton/*`) from the other Valtimo APIs (`/api/*`). Since the Operaton webapps are a tool used to manage the internal it may be advisable to control access to this path on an infrastructure level. To remove the Operaton webapps from Valtimo altogether the `org.operaton.bpm.springboot:operaton-bpm-spring-boot-starter-webapp:7.14.0` dependency can be excluded. This is a dependency in the Valtimo `core` module. ### IP whitelist Access to the Operaton webapps is restricted by an IP whitelist. Only requests originating from whitelisted IP addresses are permitted. Requests from other IP addresses will receive a `403 Forbidden` response. The whitelist is configured via the `valtimo.security.whitelist.hosts` application property: ```yaml valtimo: security: whitelist: hosts: - localhost ``` The value can be a hostname (e.g. `localhost`) or a CIDR notation (e.g. `10.0.0.0/8`). Hostnames are resolved to IP addresses at startup. If `valtimo.security.whitelist.hosts` is not configured, empty, or contains only entries that cannot be resolved, access to Operaton webapps is denied (requests receive `403 Forbidden`). --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.valtimo.nl/fundamentals/getting-started/modules/core/operaton-webapps.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.