3 Replies Latest reply on Aug 11, 2017 8:34 AM by wmfarinha

Keycloak groups to jBPM

nmichkarev May 22, 2017 1:21 AM

Hi.

I've just integrated keycloak with jBPM. Now I can login to jBPM console with keycloak user's credentials and get related roles. But I don't have any groups I mapped to my user in Keycloak console. I tried to create process with human task assigned to group(entered name of group created in Keycloak). This task was unavailable for the user that had this group in keycloak mapping.

Is it a bug or this approach is not supported?

1. Re: Keycloak groups to jBPM

yevk Jun 6, 2017 1:05 PM (in response to nmichkarev)

My understanding is that currently groups are a Keycloak only concept, it allows you to group users and assign roles to groups. In turn users will inherit group roles. That's as far as it goes today, there are items on the keycloak JIRA related to Group based authorizations, no target though.
Actions
2. Re: Keycloak groups to jBPM

gjeanmart Jun 22, 2017 4:08 AM (in response to yevk)

Hi,
So, if I understand correctly. I want to assign a user task to a group of users (let say "manager"). If bob and tom are part of this group "manager" in Keycloak and my process implements a group assignation to "manager". It's not going to work because a Keycloak group is not reflected to jBPM ?
What can I do as a workaround. Assign individually all the users from the group list as actors ?
Thanks
Greg

EDIT: Actually a role in Keycloak is a group in jBPM. So that works
Actions
3. Re: Keycloak groups to jBPM

wmfarinha Aug 11, 2017 8:34 AM (in response to nmichkarev)

I have the same problem. I did the integration of jBPM with Keycloak.
It is authenticating correctly, but when I do the process and assign to an existing group in Keycloak, the process does not appear for the user, only if I link the process directly to the user login.
Has anyone here solved this problem?
Actions

Go to original post