Process for Group (keycloak)
440 views
Skip to first unread message
William Faria
Aug 9, 2017, 1:25:58 PM8/9/17
to jBPM Development
Hey guys.
I'm having a problem initiating a process for a group. I made the integration of jBPM with the Keyclock and it is accessing my LDAP correctly, but when I start a process for a group (existing in the keycloak) it does not appear to task for this group. The task only appears if I link the task to the specific user.
I am using the jBPM 7.0 version
Can someone help me?
Maciej Swiderski
Aug 10, 2017, 3:14:47 AM8/10/17
to William Faria, jBPM Development
looks like an issue with keycloak integration with app server as apparently roles/groups are not loaded into security context of the logged in user. So double check if roles/groups are properly loaded when you logon to kie server
Maciej
--
You received this message because you are subscribed to the Google Groups "jBPM Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jbpm-developme...@googlegroups.com.
To post to this group, send email to jbpm-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jbpm-development/63673bb9-a133-4508-b918-6fd1e47d195a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
William Faria
Aug 10, 2017, 4:06:04 PM8/10/17
to jBPM Development, wmfa...@gmail.com
I did the entire KC configuration as per the documentation (https://docs.jboss.org/jbpm/release/7.1.0.Final/jbpm-docs/html_single/#_kie.keycloakssointegration)
Inside KC I went to ROLES, I created a new ROLE.
Done that I was in USERS, I selected my user> ROLE MAPPINGS and I added the ROLE "pcj".
I saved the process and took the test in jBPM, created the process and included in the tasks GROUPS = "pcj" I deployed and started a new instance. When accessing TASKS> ACTIVE menu, no TASK appears for the group that access only appears if in the TASK of the process I put ACTORS = USER_NAME.
I've tried several combinations to create the ROLES.
In KC I went in CLIENTS... opening my CLIENT, I accessed the menu ROLES> ADD ROLE and created a new role = "pcj"
I did the entire process described above and even then only the tasks appear when I link directly with USER_NAME.
Can anyone give me a way of how to create this ROLE or GROUP in KC so that the TASKS appear for my GROUP?
Thank you very much!
Alaor Bianco
Aug 15, 2017, 2:22:12 PM8/15/17
to jBPM Development
The group issue I could manage by moving the keycloak configuration to wildfly (standalone.xml file) instead of using per war configuration approach. Look at documentation here.
But now, I facing another problem! Since I did this change I cannot start new processes, the Process Definition in Workbench is empty and if I check status of my container (http://localhost:8080/kie-server/services/rest/server/containers/myContainer) its <response type="FAILURE" msg="Container myContainer is not instantiated."/>. If I disable the Keycloak integration and use jbpm built-in, everything works fine!
Any idea?
Thanks
Reply all
Reply to author
Forward
0 new messages