3 Replies Latest reply on Aug 11, 2017 8:34 AM by William Faria (WMFarinha)

    Keycloak groups to jBPM

    Никита Мичкарев Newbie



      I've just integrated keycloak with jBPM. Now I can login to jBPM console with keycloak user's credentials and get related roles. But I don't have any groups I mapped to my user in Keycloak console. I tried to create process with human task assigned to group(entered name of group created in Keycloak). This task was unavailable for the user that had this group in keycloak mapping.


      Is it a bug or this approach is not supported?

        • 1. Re: Keycloak groups to jBPM
          Yev Kovelman Newbie

          My understanding is that currently groups are a Keycloak only concept, it allows you to group users and assign roles to groups. In turn users will inherit group roles. That's as far as it goes today, there are items on the keycloak JIRA related to Group based authorizations, no target though.

          • 2. Re: Keycloak groups to jBPM
            Grégoire JEANMART Newbie


            So, if I understand correctly. I want to assign a user task to a group of users (let say "manager"). If bob and tom are part of this group "manager" in Keycloak and my process implements a group assignation to "manager". It's not going to work because a Keycloak group is not reflected to jBPM ?

            What can I do as a workaround. Assign individually all the users from the group list as actors ?




            EDIT: Actually a role in Keycloak is a group in jBPM. So that works

            • 3. Re: Keycloak groups to jBPM
              William Faria (WMFarinha) Newbie

              I have the same problem. I did the integration of jBPM with Keycloak.

              It is authenticating correctly, but when I do the process and assign to an existing group in Keycloak, the process does not appear for the user, only if I link the process directly to the user login.

              Has anyone here solved this problem?