Can login in IDM but unable to login to Flowable Apps(Admin,Modeler and Task) - Flowable v6.4.1

Anand · September 20, 2019, 12:36pm

We are deploying Flowable BPM v6.4.1 on AWS , we can’t login to Task, Modeler or Admin They keep redirecting to the IDM login page. I can ,however,login to IDM itself,

and see the users.I am not able to replicate this issue in local though for the same build.

I could find this relevant link for this issue but it does not help either -

Can you please help us what could be the issue ? In case of any additional info required,please let me know

rgorzkowski · September 20, 2019, 2:50pm

Hi @Anand

It’s hard to help you without seeing your configuration but maybe you change admin password?
Have you tried this Redirect issue at login ?

Anand · September 23, 2019, 4:15am

@rgorzkowski
there are no change in the configuration admin password is same as earlier all the configurations are same except now we are using mysql version 8 and admin properties file configuration.
server.port=9988
server.servlet.context-path=/flowable-admin
management.endpoints.jmx.unique-names=true

This is needed to force use of JDK proxies instead of using CGLIB

spring.aop.proxy-target-class=false
spring.aop.auto=false
spring.application.name=flowable-ui-admin
spring.liquibase.enabled=false
spring.servlet.multipart.max-file-size=10MB
spring.banner.location=classpath:/org/flowable/spring/boot/flowable-banner.txt

The default domain for generating ObjectNames must be specified. Otherwise when multiple Spring Boot applications start in the same servlet container

all would be created with the same name (com.zaxxer.hikari:name=dataSource,type=HikariDataSource) for example

spring.jmx.default-domain=${spring.application.name}

Expose all actuator endpoints to the web

They are exposed, but only authenticated users can see /info and /health abd users with access-admin can see the others

management.endpoints.web.exposure.include=*

Full health details should only be displayed when a user is authorized

management.endpoint.health.show-details=when_authorized

Only users with role access-admin can access full health details

management.endpoint.health.roles=access-admin

Spring prefixes the roles with ROLE_. However, Flowable does not have that concept yet, so we need to override that with an empty string

flowable.common.app.role-prefix=

H2 example (default)

#spring.datasource.driver-class-name=org.h2.Driver
#spring.datasource.url=jdbc:h2:~/flowable-db/db;AUTO_SERVER=TRUE;AUTO_SERVER_PORT=9091;DB_CLOSE_DELAY=-1

#spring.datasource.driver-class-name=com.mysql.jdbc.Driver
#spring.datasource.url=jdbc:mysql://{MYSQL_HOST}:{MYSQL_PORT}/${MYSQL_DATABASE}?characterEncoding=UTF-8

spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://172.16.23.6:3306/flowable?characterEncoding=UTF-8

#spring.datasource.url=jdbc:mysql://172.16.23.27:3309/flowable?characterEncoding=UTF-8
#spring.datasource.driver-class-name=org.postgresql.Driver
#spring.datasource.url=jdbc:postgresql://localhost:5432/flowableadmin

#spring.datasource.driver-class-name=com.microsoft.sqlserver.jdbc.SQLServerDriver
#spring.datasource.url=jdbc:sqlserver://localhost:1433;databaseName=flowableadmin

#spring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriver
#spring.datasource.url=jdbc:oracle:thin:@localhost:1521:FLOWABLEADMIN

#spring.datasource.driver-class-name=com.ibm.db2.jcc.DB2Driver
#spring.datasource.url=jdbc:db2://localhost:50000/flowableadmin

#spring.datasource.username=flowable
#spring.datasource.password=flowable

#Mysql Connection
#spring.datasource.username={MYSQL_USER} #spring.datasource.password={MYSQL_PASSWORD}

spring.datasource.username=secureadmin
spring.datasource.password=Reno$1234

JNDI CONFIG

If uncommented, the datasource will be looked up using the configured JNDI name.

This will have preference over any datasource configuration done below that doesn’t use JNDI

Eg for JBoss: java:jboss/datasources/flowableDS

#spring.datasource.jndi-name==jdbc/flowableDS

Set whether the lookup occurs in a J2EE container, i.e. if the prefix “java:comp/env/” needs to be added if the JNDI

name doesn’t already contain it. Default is “true”.

#datasource.jndi.resourceRef=true

Connection pool (see https://github.com/brettwooldridge/HikariCP#configuration-knobs-baby)

10 minutes

spring.datasource.hikari.maxLifetime=600000

5 minutes

spring.datasource.hikari.idleTimeout=300000
spring.datasource.hikari.minimumIdle=5
spring.datasource.hikari.maximumPoolSize=50

test query for H2, MySQL, PostgreSQL and Microsoft SQL Server

#spring.datasource.hikari.connection-test-query=select 1

test query for Oracle

#spring.datasource.hikari.connection-test-query=SELECT 1 FROM DUAL

test query for DB2

#spring.datasource.hikari.connection-test-query=SELECT current date FROM sysibm.sysdummy1

Default REST endpoint configs

Process engine

flowable.admin.app.server-config.process.name=Flowable Process app
flowable.admin.app.server-config.process.description=Flowable Process REST config
flowable.admin.app.server-config.process.server-address=http://172.16.23.6
flowable.admin.app.server-config.process.port=9988
flowable.admin.app.server-config.process.context-root=flowable-task
flowable.admin.app.server-config.process.rest-root=process-api
flowable.admin.app.server-config.process.user-name=admin
flowable.admin.app.server-config.process.password=test

CMMN engine

flowable.admin.app.server-config.cmmn.name=Flowable CMMN app
flowable.admin.app.server-config.cmmn.description=Flowable CMMN REST config
flowable.admin.app.server-config.cmmn.server-address=http://172.16.23.6
flowable.admin.app.server-config.cmmn.port=9988
flowable.admin.app.server-config.cmmn.context-root=flowable-task
flowable.admin.app.server-config.cmmn.rest-root=cmmn-api
flowable.admin.app.server-config.cmmn.user-name=admin
flowable.admin.app.server-config.cmmn.password=test

App engine

flowable.admin.app.server-config.app.name=Flowable App app
flowable.admin.app.server-config.app.description=Flowable App REST config
flowable.admin.app.server-config.app.server-address=http://172.16.23.6
flowable.admin.app.server-config.app.port=9988
flowable.admin.app.server-config.app.context-root=flowable-task
flowable.admin.app.server-config.app.rest-root=app-api
flowable.admin.app.server-config.app.user-name=admin
flowable.admin.app.server-config.app.password=test

DMN engine

flowable.admin.app.server-config.dmn.name=Flowable DMN app
flowable.admin.app.server-config.dmn.description=Flowable DMN REST config
flowable.admin.app.server-config.dmn.server-address=http://172.16.23.6
flowable.admin.app.server-config.dmn.port=9988
flowable.admin.app.server-config.dmn.context-root=flowable-task
flowable.admin.app.server-config.dmn.rest-root=dmn-api
flowable.admin.app.server-config.dmn.user-name=admin
flowable.admin.app.server-config.dmn.password=test

Form engine

flowable.admin.app.server-config.form.name=Flowable Form app
flowable.admin.app.server-config.form.description=Flowable Form REST config
flowable.admin.app.server-config.form.server-address=http://172.16.23.6
flowable.admin.app.server-config.form.port=9988
flowable.admin.app.server-config.form.context-root=flowable-task
flowable.admin.app.server-config.form.rest-root=form-api
flowable.admin.app.server-config.form.user-name=admin
flowable.admin.app.server-config.form.password=test

Content engine

flowable.admin.app.server-config.content.name=Flowable Content app
flowable.admin.app.server-config.content.description=Flowable Content REST config
flowable.admin.app.server-config.content.server-address=http://172.16.23.6
flowable.admin.app.server-config.content.port=9988
flowable.admin.app.server-config.content.context-root=flowable-task
flowable.admin.app.server-config.content.rest-root=content-api
flowable.admin.app.server-config.content.user-name=admin
flowable.admin.app.server-config.content.password=test

Passwords for rest endpoints and master configs are stored encrypted in the database using AES/CBC/PKCS5PADDING

It needs a 128-bit initialization vector (http://en.wikipedia.org/wiki/Initialization_vector)

and a 128-bit secret key represented as 16 ascii characters below

Do note that if these properties are changed after passwords have been saved, all existing passwords

will not be able to be decrypted and the password would need to be reset in the UI.

flowable.admin.app.security.encryption.credentials-i-v-spec=j8kdO2hejA9lKmm6
flowable.admin.app.security.encryption.credentials-secret-spec=9FGl73ngxcOoJvmL
spring.security.filter.dispatcher-types=REQUEST,FORWARD,ASYNC

#flowable.common.app.idm-url=${FLOWABLE_IDM_URL}/flowable-idm
flowable.common.app.idm-url=http://192.168.100.244:7080/flowable-idm
##flowable.common.app.idm-url=http://142.93.215.128:30006/flowable-idm

flowable.common.app.idm-admin.user=admin
flowable.common.app.idm-admin.password=test
#flowable.admin.app.security.preemptive-basic-authentication=true