premium-minds / flowable-keycloak

Library to replace Flowable IDM with Keycloak integration
GNU Lesser General Public License v3.0

Integration Error #1

Open srinathganesh1 opened 4 years ago

srinathganesh1 commented 4 years ago

Updated with latest status (removed some irrelevant things):

modules/flowable-ui-modeler/flowable-ui-modeler-conf/src/main/java/org/flowable/ui/modeler/conf/SecurityConfiguration.java (I was not able to directly replace the class name, since the new class name had one extra parameter) Security Configuration

modules/flowable-ui-modeler/flowable-ui-modeler-app/src/main/resources/flowable-default.properties flowable default properties

User Permission user perm

Service Account service account

I had to add view-users from the auto generated master-realm to do away with token error service acc 2

Error after signin (there are no logs generated for this in flowable and keycloak) Screenshot from 2020-03-31 16-48-29

ajcamilo commented 4 years ago

Your client setup in keycloak needs to have:

I can detail more what to do if you want.

srinathganesh1 commented 4 years ago

I tried setting the scope and service account, and a few more configs. It still didn't work. Updated original post (since 403 stopped coming somehow)

Do you have a sample demo project, or a sample configuration for Keycloak?

srinathganesh1 commented 4 years ago

Update: I made this change

Screenshot from 2020-03-30 23-50-40

and I am getting error Screenshot from 2020-03-30 23-50-55

ajcamilo commented 4 years ago

Can you show me the logs from keycloak?

srinathganesh1 commented 4 years ago

> Can you show me the logs from keycloak?

Sure, will post them.

srinathganesh1 commented 4 years ago

I will shortly update the original post with all my configuration again (instead of two comments)


Flowable Logs

2020-03-31 16:46:20.360  INFO 19732 --- [nio-8080-exec-5] o.a.c.c.C.[.[.[/flowable-modeler]        : Initializing Spring FrameworkServlet 'dispatcherServlet'
2020-03-31 16:46:20.360  INFO 19732 --- [nio-8080-exec-5] o.s.w.s.DispatcherServlet                : FrameworkServlet 'dispatcherServlet': initialization started
2020-03-31 16:46:20.408  INFO 19732 --- [nio-8080-exec-5] o.s.w.s.DispatcherServlet                : FrameworkServlet 'dispatcherServlet': initialization completed in 43 ms

Keycloak Logs: Nothing getting logged.

Screenshot from 2020-03-31 16-48-29

srinathganesh1 commented 4 years ago

I have updated original post with the latest configs https://github.com/premium-minds/flowable-keycloak/issues/1#issue-585720922

ajcamilo commented 4 years ago

I'll make a sample project from https://github.com/flowable/flowable-engine/tree/master/modules/flowable-ui-modeler.

But it will take some time. Maybe next week. Sorry.

srinathganesh1 commented 4 years ago

> I'll make a sample project from https://github.com/flowable/flowable-engine/tree/master/modules/flowable-ui-modeler.
>
> But it will take some time. Maybe next week. Sorry.

OK, thank you. Do my current configs look fine?

ajcamilo commented 4 years ago

Yes, it looks fine. Maybe there's something missing in the SecurityConfiguration. But I need some time to test this.

srinathganesh1 commented 4 years ago

> Yes, it looks fine. Maybe there's something missing in the SecurityConfiguration. But I need some time to test this.

OK, thanks.

ajcamilo commented 4 years ago

@srinathganesh1 can you check out this commit: https://github.com/premium-minds/flowable-keycloak-example/commit/69dda8c4fb92d9e0c68d766eafeebbaf11a59036

This example is working for flowable-ui-modeler.

srinathganesh1 commented 4 years ago

Thanks a lot. I will try it out.

On Mon, 6 Apr, 2020, 20:21 André Camilo, notifications@github.com wrote:

> @srinathganesh1 https://github.com/srinathganesh1 can you checkout this commit: premium-minds/flowable-keycloak-example@69dda8c https://github.com/premium-minds/flowable-keycloak-example/commit/69dda8c4fb92d9e0c68d766eafeebbaf11a59036
>
> This example is working for flowable-ui-modeler

krishnakumar-ls commented 4 years ago

@ajcamilo @srinathganesh1 Is this issue fixed? I got the same issue - RESTEASY003210: Could not find resource for full path: http://localhost:8080/flowable-task

ajcamilo commented 4 years ago

@krishnakumar-ls I've only done the modifications in the project flowable-ui-modeler, but if you need them for the other projects, just do the same changes from this commit: https://github.com/premium-minds/flowable-keycloak-example/commit/69dda8c4fb92d9e0c68d766eafeebbaf11a59036

krishnakumar-ls commented 4 years ago

@ajcamilo I did the changes in the flowable-task project as per this commit https://github.com/premium-minds/flowable-keycloak-example/commit/69dda8c4fb92d9e0c68d766eafeebbaf11a59036 but I still got the same issue (RESTEASY003210: Could not find resource for full path).

Screen Shot 2020-08-07 at 8 58 13 AM Screen Shot 2020-08-07 at 8 58 41 AM Screen Shot 2020-08-07 at 8 59 02 AM Screen Shot 2020-08-07 at 8 59 24 AM

ajcamilo commented 4 years ago

I'll try to get some time in the weekend to check that out, ok?

krishnakumar-ls commented 4 years ago

@ajcamilo Sure.

ajcamilo commented 4 years ago

@krishnakumar-ls what is the version of flowable you are using?

krishnakumar-ls commented 4 years ago

@ajcamilo I'm using Flowable 6.5.0

krishnakumar-ls commented 4 years ago

@ajcamilo Got 404 error for the URL 'http://localhost:8080/flowable-task/' after redirect from keycloak auth server.

Screen Shot 2020-08-10 at 4 42 41 PM Screen Shot 2020-08-10 at 4 46 30 PM

ajcamilo commented 4 years ago

Sorry for the delay @krishnakumar-ls

Check out the new version of https://github.com/premium-minds/flowable-keycloak-example/commit/9d1314a3be5d9f02889eb61c093c1a5a95e9c522

Now flowable-task uses keycloak authentication.

Screenshot from 2020-08-12 14-30-46

krishnakumar-ls commented 4 years ago

@ajcamilo Thank you! I will try this checkout https://github.com/premium-minds/flowable-keycloak-example/commit/9d1314a3be5d9f02889eb61c093c1a5a95e9c522 Can you share with me the configuration changes in flowable-ui-*-app>src>main>docker>docker-compose.yml to build a flowable docker image?

ajcamilo commented 4 years ago

Add the following to the environment part of the flowable app:

      - KEYCLOAK_URL=<url to keycloak>
      - KEYCLOAK_REALM=<keycloak realm>
      - KEYCLOAK_ISSUER-URL=<issuer url>
      - KEYCLOAK_CLIENT_CLIENT-ID=<client id>
      - KEYCLOAK_CLIENT_CLIENT-SECRET=<client secret>

Sanlisi commented 4 years ago

@srinathganesh1 hi, have you solved your problem?

Sanlisi commented 4 years ago

@ajcamilo hi, I have a problem: when I run the flowable-ui-modeler project there is an error in the program. Can you tell me the reason? Thank you.

Caused by: java.lang.ClassNotFoundException: com.premiumminds.flowable.conf.KeycloakProperties
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381) ~[?:1.8.0_161]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424) ~[?:1.8.0_161]
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:338) ~[?:1.8.0_161]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[?:1.8.0_161]
    at org.springframework.boot.devtools.restart.classloader.RestartClassLoader.loadClass(RestartClassLoader.java:144) ~[spring-boot-devtools-2.2.2.RELEASE.jar:2.2.2.RELEASE]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[?:1.8.0_161]
    at java.lang.Class.getDeclaredMethods0(Native Method) ~[?:1.8.0_161]
    at java.lang.Class.privateGetDeclaredMethods(Class.java:2701) ~[?:1.8.0_161]
    at java.lang.Class.getDeclaredMethods(Class.java:1975) ~[?:1.8.0_161]
    at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:463) ~[spring-core-5.2.2.RELEASE.jar:5.2.2.RELEASE]
    ... 26 more

Process finished with exit code 0

ajcamilo commented 4 years ago

@Sanlisi, did you check this out? https://github.com/premium-minds/flowable-keycloak-example

You can see this commit https://github.com/premium-minds/flowable-keycloak-example/commit/69dda8c4fb92d9e0c68d766eafeebbaf11a59036 It has all the changes needed to the flowable project for the modeler to work with keycloak.

Sanlisi commented 4 years ago

@ajcamilo hi, yesterday’s problem has been solved, but when I access "localhost:8888/flowable-modeler", the following error occurred:

Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Sat Oct 10 09:42:06 CST 2020
There was an unexpected error (type=Internal Server Error, status=500).
javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
com.google.common.util.concurrent.UncheckedExecutionException: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2051)
    at com.google.common.cache.LocalCache.get(LocalCache.java:3951)
    at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3974)
    at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4958)
    at com.premiumminds.flowable.service.KeycloakServiceImpl.getUser(KeycloakServiceImpl.java:154)
    at com.premiumminds.flowable.filter.AuthenticationHandler.authenticationCallbackHandler(AuthenticationHandler.java:115)
    at com.premiumminds.flowable.filter.KeycloakCookieFilter.doFilterInternal(KeycloakCookieFilter.java:108)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1591)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:223)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:195)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:62)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:151)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
    at com.sun.proxy.$Proxy154.toRepresentation(Unknown Source)
    at com.premiumminds.flowable.service.KeycloakServiceImpl$1.load(KeycloakServiceImpl.java:90)
    at com.premiumminds.flowable.service.KeycloakServiceImpl$1.load(KeycloakServiceImpl.java:86)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
    at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
    ... 57 more

So, I have some questions:

  1. Can you give me some images of the Keycloak UI?
  2. What is the meaning of “The view-users and view-groups scopes in both client scopes and service account scopes.”, and where do I set it up?
  3. keycloak.client.scope = openid roles: where do I set up openid roles?

Thank you.

krishnakumar-ls commented 4 years ago

@Sanlisi This exception is raised due to a user permission issue. You have to add client service account roles by clicking client -> select 'Service Account Roles' tab -> Add client roles, and you have to add the client role mapping by clicking user -> select 'Role Mapping' -> add client roles

Sanlisi commented 4 years ago

@krishnakumar-ls @ajcamilo Sorry, I tried your method, but it still doesn’t work, so can you give me complete images of the Keycloak UI? Currently my configuration is like this: image image

Can you give me your email? Thank you very much.

ajcamilo commented 4 years ago

@Sanlisi the view-users and view-groups roles are from the client realm-management

Screenshot from 2020-10-12 14-01-40

Screenshot from 2020-10-12 14-02-25
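
As an added example (not part of the thread or of the flowable-keycloak project), this Python check decodes a service-account access token and reports whether the `view-users` and `view-groups` roles of the `realm-management` client named above are present, and which other roles of that client are granted beyond those two. It assumes the token lists client roles under the `resource_access` claim; the sample tokens and the client id `flowable-client` are constructed.

```python
import base64
import json

# Roles the thread says the service account needs (client: realm-management).
REQUIRED = {"view-users", "view-groups"}


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_service_account(token: str, client: str = "realm-management") -> dict:
    """Compare the client roles carried in the token with the two required roles."""
    claims = decode_claims(token)
    granted = set(claims.get("resource_access", {}).get(client, {}).get("roles", []))
    return {
        "missing": sorted(REQUIRED - granted),  # a non-empty list matches the 403 in the thread
        "extra": sorted(granted - REQUIRED),    # roles beyond what the user lookup needs
    }


def sample_token(roles: list) -> str:
    """Build a constructed, unsigned token carrying the given realm-management roles."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    header = {"alg": "none", "typ": "JWT"}
    claims = {
        "azp": "flowable-client",  # hypothetical client id
        "resource_access": {"realm-management": {"roles": roles}},
    }
    return f"{b64(header)}.{b64(claims)}.constructed"


if __name__ == "__main__":
    for roles in ([], ["view-users", "manage-users"], ["view-users", "view-groups"]):
        print(roles, "->", audit_service_account(sample_token(roles)))
```

A non-empty `missing` list means the role is either not assigned to the service account or not included in the client's scope, which are the two places the thread says to check.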

Sanlisi commented 4 years ago

@ajcamilo @srinathganesh1 hi, according to your prompt, yesterday’s problem has been solved, but I encountered a new problem: when I visit the page http://localhost:8888/flowable-modeler, it is as if the page keeps refreshing. Why is that? Where does the Keycloak UI need to be configured? Thank you very much.

image

srinathganesh1 commented 4 years ago

Sorry to jump the topic in a different direction (still related to keycloak SSO)

I have not personally tried it, but based on the release notes it seems the latest Flowable has built-in Keycloak support

Sanlisi commented 4 years ago

@srinathganesh1 @ajcamilo the problem has been solved. I use the 6.6 version. Ref: https://blog.flowable.org/2020/10/12/flowable-6-6-0-release/ Thank you very much.