2 Replies Latest reply on Nov 30, 2017 9:50 PM by Hector Callejas

    JBPM 6.5.0 and Keycloak SSO

    Ahmet Coşkun Newbie

      Hello there,


      I am trying to integrate Keycloak 3.1.0 and JBPM 6.5.0. Following the docs here, Chapter 10. Workbench Integration, I have done everything, even though this doc is for 6.4.0. When I enter jbpm-console, it redirects me to the Keycloak login page and I log in with my username and password. I created this username in the Keycloak Admin Panel, so it is not defined in JBPM. After I enter the username and password, it logs in and redirects me to the jbpm-console path. However, it gives me a "Login failed: Not Authorized" error on the jbpm-console page. I expected it to pass authorization in jbpm-console, but no luck. How can I solve this?

        • 1. Re: JBPM 6.5.0 and Keycloak SSO
          William Faria (WMFarinha) Newbie

          Hello, did you install the KC adapter and change the standalone/configuration/standalone-full.xml file?

          Make a change to the Wildfly standalone.xml file.

          Comment out or remove this tag: <single-sign-on path="/" />

          Then go to the WAR file (jbpm-console.WAR) and change the web.xml

          Change the tag content to <auth-method>KEYCLOAK</auth-method>



          If you are making calls via REST, please comment out this item as well.



          <!-- Basic Auth Filter for REST and Maven2 repo -->
            <!-- <filter>
            <filter-name>HTTP Basic Auth Filter</filter-name>

            <param-value>KIE Workbench Realm</param-value>

            <filter-name>HTTP Basic Auth Filter</filter-name>

            </filter-mapping> -->



          Add the following section to protect REST and WS access with Keycloak.

          Copy the keycloak.json file (into the WAR) generated by the Realm installation of Keycloak. An example of this file is:



            {
              "realm": "REALM_NAME",
              "auth-server-url": "http://localhost:8180/auth",
              "enable-cors": true,
              "cors-max-age": 1000,
              "cors-allowed-methods": "POST, PUT, DELETE, GET",
              "ssl-required": "external",
              "resource": "RESOURCE_NAME",
              "principal-attribute": "preferred_username",
              "credentials": {
                "secret": "360f4bda-603e-4594-8cc9-13397c0c7d1d"
              },
              "use-resource-role-mappings": true
            }


          • 2. Re: JBPM 6.5.0 and Keycloak SSO
            Hector Callejas Newbie

            Can you send the log file? Maybe the connection works fine and you only need to create the group in the realm.
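
A diagnostic sketch for the situation discussed in this thread, added here as an example and not part of any post or of the jBPM/Keycloak code: it decodes a Keycloak access token and lists the roles the adapter would map for a given keycloak.json, since with "use-resource-role-mappings": true the adapter reads client roles under resource_access for the configured "resource" rather than realm roles. The token, the user name "jdoe" and the required role "admin" are constructed sample values; take the real role names from the security constraints in your jbpm-console web.xml.

```python
import base64
import json

# Constructed adapter config mirroring the fields of the keycloak.json shown above.
ADAPTER_CONFIG = {
    "realm": "REALM_NAME",
    "resource": "RESOURCE_NAME",
    "use-resource-role-mappings": True,
}


def decode_claims(jwt: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def effective_roles(claims: dict, config: dict) -> set:
    """Roles the adapter maps to the user: client roles or realm roles."""
    if config.get("use-resource-role-mappings", False):
        client = claims.get("resource_access", {}).get(config["resource"], {})
        return set(client.get("roles", []))
    return set(claims.get("realm_access", {}).get("roles", []))


def missing_roles(claims: dict, config: dict, required) -> set:
    """Required roles (assumed list, supplied by the caller) the token lacks."""
    return set(required) - effective_roles(claims, config)


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed sample: the user holds realm role "admin" but no role on RESOURCE_NAME.
SAMPLE_TOKEN = _constructed_token({
    "preferred_username": "jdoe",
    "realm_access": {"roles": ["admin"]},
    "resource_access": {"account": {"roles": ["view-profile"]}},
})

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print("effective roles:", sorted(effective_roles(claims, ADAPTER_CONFIG)))
    print("missing roles:", sorted(missing_roles(claims, ADAPTER_CONFIG, ["admin"])))
```

For the sample token the effective role set is empty, so a user who authenticates successfully would still be rejected by the application's role check; assigning the role on the client, or setting use-resource-role-mappings to false, changes the result.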