Keycloak Integration

Hello,

I’m trying to integrate flowable idm with keycloak which my microservice uses.
I’ve been trying to follow this blog post (What’s new with the Open Source Flowable UI Apps) but I get this error everytime.

Error creating bean with name 'idmSecurityConfiguration.IdmApiWebSecurityConfigurationAdapter'

Here is my yml config

security:
    oauth2:
      client:
        registration:
          keycloack:
            client-id: <id>
            client-secret: <secret>
            authorization-grant-type: authorization_code
        provider:
          keycloack:
            issuer-uri: http://localhost:8080/auth/realms/new
            user-name-attribute: preferred_username
      resourceserver:
        jwt:
          jwk-set-uri: http://localhost:8080/auth/realms/new/protocol/openid-connect/certs

flowable:
  common:
    app:
      security:
        type: oauth2
        o-auth2:
          authorities-attribute: groups
          groups-attribute: userGroups
  idm:
    app:
      keycloak:
        enabled: true
        server: http://localhost:8080/
        authentication-realm: master
        authentication-user: admin
        authentication-password: admin
        realm: new

Thanks in advance
Best regards
Umut

I have found out that the password can’t get the value from my config I think.

        @Bean
        @ConditionalOnClass({Jwt.class})
        @ConditionalOnMissingBean
        public ApiHttpSecurityCustomizer delegatingApiHttpSecurityCustomizer() {
            JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
            OAuth2 oAuth2 = this.commonAppProperties.getSecurity().getOAuth2();
            String authoritiesAttribute = oAuth2.getAuthoritiesAttribute();
            String groupsAttribute = oAuth2.getGroupsAttribute();
            Collection<String> defaultAuthorities = oAuth2.getDefaultAuthorities();
            Collection<String> defaultGroups = oAuth2.getDefaultGroups();
            converter.setJwtGrantedAuthoritiesConverter(new FlowableJwtGrantedAuthoritiesMapper(authoritiesAttribute, groupsAttribute, defaultAuthorities, defaultGroups));
            JwtApiHttpSecurityCustomizer jwtApiHttpSecurityCustomizer = new JwtApiHttpSecurityCustomizer(converter);
            String username = this.commonAppProperties.getIdmAdmin().getUser();
            String password = this.commonAppProperties.getIdmAdmin().getPassword();
            FixUserApiHttpSecurityCustomizer fixUserApiHttpSecurityCustomizer = new FixUserApiHttpSecurityCustomizer(username, this.deducePassword(password));
            return new DelegatingApiHttpSecurityCustomizer(Arrays.asList(fixUserApiHttpSecurityCustomizer, jwtApiHttpSecurityCustomizer));
        }

By debugging this code ( in org.flowable.ui.common.security.FlowableUiSecurityAutoConfiguration)
I see that this.commonAppProperties.getIdmAdmin().getPassword() returns null for some reason.
When I set the value to correct password when debugging, it works but I have another problem afterwards which is there are not task, modeler, admin or idm options when logged in. Just blank flowable page.

Integrating multiple applications with keycloak

  1. Add keycloak and spring-boot dependencies.
  2. CreateSecurityConfig. …
  3. Create applications. …
  4. Open command prompt and run docker-compose up to run keycloak.
  5. Open browser and enter the keycloak url. …
  6. Default username and password is ‘admin’ , ‘admin’.
  7. Click on Add Realm.