Flowable Keycloak all users are added to all groups BUG

Hello, I think I found a problem…
I’m using Flowable with Keycloak, and it's all fine: I can create users, roles and groups in Keycloak and it returns the correct values in Flowable.
For example, if I log in, the account request in the homepage (…9090/flowable-ui/) returns the user, and the group attribute confirms that the requested user is in the selected groups.
However, when I go to the IDM App, I see all the groups I’ve created in Keycloak, but when I click on a group, it appears that all the users are part of that group. It doesn’t matter whether the user is indeed in the group or not. All the users are in all the groups.

And I think this makes the tasks query with the “candidateOrAssigned” param unusable, because if I request tasks with {candidateOrAssigned: “username”} it returns all the tasks, even if the task has CandidateGroups assigned, because the user is part of all the groups.

I have the Flowable Docker setup with
FLOWABLE.COMMON.APP.SECURITY.OAUTH2.AUTHORITIES-ATTRIBUTE=groups
FLOWABLE.COMMON.APP.SECURITY.OAUTH2.GROUPS-ATTRIBUTE=userGroups
and I have the UserGroups mapping in the Keycloak client.

Is it indeed a bug, or am I missing something?

Thank you.

I’m experiencing the same problem using the release 6.6 Docker containers (ui-keycloak-postgres.sh launch script) … used the default setup, added two groups, and added a subset of the existing users into them … the result is that for each group, all users are listed in the IDM app as well as when querying via the REST interface.

Is there a solution to this?

best
Ulrich

I also checked my Keycloak service through the REST API with python-keycloak, and Keycloak is returning correct results for the handle.get_user_groups(username) calls. In the IDM App these group associations are not correct.

It would be important for us to understand how to resolve this issue so that we can deploy the new flowable setup using a modern IdP service.
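
The check described in the posts above, as an added example that is not part of the thread or of Flowable's own code: it diffs the group memberships the IdP holds against what the application reports, then shows which candidate-group tasks a user would see only because of the extra memberships. All user, group and task names are constructed, and `candidate_or_assigned` is a simplified model of the query, assumed here for illustration.

```python
# Constructed sample data; every name here is hypothetical.
# KEYCLOAK stands in for per-user results from the IdP
# (for example the get_user_groups calls mentioned above).
KEYCLOAK = {"alice": {"managers"}, "bob": {"clerks"}, "carol": set()}
# What the IDM app reports when every user is listed in every group.
FLOWABLE_IDM = {user: {"managers", "clerks"} for user in KEYCLOAK}

TASKS = [
    {"id": "t1", "assignee": None, "candidate_groups": {"managers"}},
    {"id": "t2", "assignee": None, "candidate_groups": {"clerks"}},
    {"id": "t3", "assignee": "carol", "candidate_groups": set()},
]


def membership_drift(idp, app):
    """Return {user: {"extra", "missing"}} for users whose groups differ."""
    drift = {}
    for user in sorted(set(idp) | set(app)):
        want, got = idp.get(user, set()), app.get(user, set())
        if want != got:
            drift[user] = {"extra": got - want, "missing": want - got}
    return drift


def candidate_or_assigned(user, memberships, tasks):
    """Simplified model (assumption): a task matches if it is assigned to
    the user, or is unassigned and lists one of the user's groups."""
    groups = memberships.get(user, set())
    return [
        t["id"] for t in tasks
        if t["assignee"] == user
        or (t["assignee"] is None and t["candidate_groups"] & groups)
    ]


def overexposed_tasks(user, idp, app, tasks):
    """Task ids returned under the app's memberships but not the IdP's."""
    expected = set(candidate_or_assigned(user, idp, tasks))
    return [t for t in candidate_or_assigned(user, app, tasks)
            if t not in expected]


if __name__ == "__main__":
    for user, diff in membership_drift(KEYCLOAK, FLOWABLE_IDM).items():
        exposed = overexposed_tasks(user, KEYCLOAK, FLOWABLE_IDM, TASKS)
        print(user, "extra groups:", sorted(diff["extra"]), "extra tasks:", exposed)
```

Any non-empty `extra` set means the application grants a group the IdP never assigned, which is the condition reported in this thread.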