LDAP authentication malfunctioning with valid credentials


I’m in need of help with a specific LDAP error.

The company’s LDAP is already an existing, running and external instance. Flowable All in One is being run as a Docker container, on my laptop locally. I’ve successfully connected the two and I’m able to log in to the IDM application, see the LDAP users and groups. No problem with that. However, if I want to use any other Flowable application (Task/Admin/Modeler), I get redirected to the IDM login form, where I once again input valid credentials just to be redirected back to the said login form. The logs show an error which indicates I’ve given invalid credentials, but the Google Chrome “Network” tab disagrees and shows that the authentication succeeded. To make everything clear, I’m attaching as much info as I can below.

IDM authentication succeeds with my domain account, successful retrieval of users and groups

Before Modeler login, even though I’m logged in the IDM application

After Modeler login, redirect to same page

Authentication succeeds, but the log says otherwise

Could not create InitialDirContext for LDAP connection: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]

LDAP configuration that I pass as environment file


I can add more relevant stuff, if needed, but the “2 links, 1 image for new members” restrictions are really not helping.

Thanks in advance and best regards.

Any help whatsoever?

See: How To - Flowable and LDAP

Hi @Robinyo - I assume this is for general guidance and ideas for help, and not necessarily a specific response?


Hi Paul,

I checked the forum this morning to see if there were any questions I might be able to help out with.

Any help whatsoever?

And, I thought that a working example (i.e., flowable/all-in-one & LDAP) would have been of some help.


Thanks, but it wasn’t of any help because it does not mention or even remotely touch the topic of my problem.

As said, company’s LDAP is already an existing, running and external instance. It is not OpenLDAP, it’s Microsoft AD.


When I was initially trying to get the flowable/all-in-one image to work with OpenLDAP I received a similar error message. After some trial and error I was able to resolve the issue by correctly setting the appropriate properties in my environment file and by creating an ldif file with two containers (users and groups) and one user (flowable):

Right, but unfortunately I don’t have time to set up OpenLDAP and do trial-n-error.

This looks like a trivial bug/problem/whatever and I can’t believe no one has a solution for it (even though I’ve seen other reports of this kind), so if anyone would have some concrete answers regarding the actual redirection issue upon successful authentication, I would be grateful.


The reason redirection isn’t working for you is because you haven’t successfully authenticated!

Try running the flowable/all-in-one image without LDAP, navigate to one of the Flowable UI Applications and you will be redirected to the Flowable Identity Management app. If you provide the appropriate credentials you will then be directed back to the Flowable UI app:


This picture shows I’ve successfully authenticated and entered the IDM application under “/flowable-idm” URL: https://pasteboard.co/IZEtWy8.png

I’ve also attached the picture of HTTP requests, which get successful response codes before redirecting back to the login screen, regardless of the supposed successful authentication.

It just boggles me that it’s possible to authenticate for IDM app without any problem, but any other app authentication fails.


I can successfully sign into the Flowable apps when using LDAP:

docker run -d --name flowable \
  -p 8080:8080 \
  --env-file ./ldap-env.txt \

and when not using LDAP:

docker run -d --name flowable \
  -p 8080:8080 \
  --env-file ./no-ldap-env.txt \

Note: If you don’t properly configure the default Administrator accounts you may be able to sign in to Flowable’s Identity Management application, however, you won’t be able to sign in to the other Flowable UI applications.

See: How To - Flowable and LDAP


My man, I understood it the first time you posted that you have it working with OpenLDAP. I replied that I have an Active Directory, and that authentication only works for IDM application, whereas other apps get redirected to the IDM login screen.

Hey everyone,

@fiki574, I don’t think that your tone is helpful to get your question answered.

Let’s analyse the problem a bit. Logging into the IDM Application works, which means that the connection with LDAP is working and something else is the problem. So the problem is not whether it is OpenLDAP, or Microsoft AD or something completely different. It is related to the way the users are granted authorization for the Flowable UI applications.

If you read the Flowable IDM Application documentation you will see that there are 4 privileges:

  • access-idm: provides the privilege to manage users, groups and privileges
  • access-admin: allows the user to login to the Flowable Admin application, manage the Flowable engines and access the Actuator endpoints of all the applications
  • access-modeler: enables access to the Flowable Modeler application
  • access-task: provides the privilege to login to the Flowable Task application

These privileges control which user can see what. If we go into the source code of the IDM UI Application we can see:

This means that if no IDM privilege exists it would be created and assigned to the admin user, together with the privileges for the other applications. This happens only once on first start.

In your place I would go in the Privileges section of the IDM Application and have a look which user is assigned to which privilege.



Sorry if the tone of my replies sounds harsh, not my intention, just pointing out that fellow member Rob does not need to repeat himself since I understood him the first time, regardless of his replies kind of missing my specific problem.

Okay, so it’s not tied to whether I’m using OpenLDAP or Microsoft AD, nor to specific versions of said two tools.

The snippet you posted contains a log message that does not show up for me. I also provided my LDAP env configuration, which contains the property you’re referring to:


Do I also need to specify the password and email properties tied to the upper two?

The “svgbf01” user is my user, and it gets the authorization/privileges for all Flowable applications. And with that Admin user I can log in only into the IDM application, regardless of having rights to access the others, where I get constantly redirected to the login screen.

So the only log I get is this one, also mentioned before:

2020-03-23 08:28:59.523  WARN 1 --- [nio-8080-exec-2] o.f.l.LDAPConnectionUtil                 : Could not create InitialDirContext for LDAP connection: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]

The credentials are 100% right, even though the log indicates otherwise.

That error can be shown when the password the user enters is incorrect (but you are saying that this is OK).

The other reason could be because


Is not valid. Basically, because you have LDAP enabled, whenever the Flowable Identity Service is used to fetch users or groups it uses that user and password to query the LDAP. Can you please verify that those 2 properties are correct?
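To make the log line above actionable, here is an added example (not code from the thread or from Flowable) that decodes the Active Directory sub-code after “data” in a result code 49 bind failure. The sub-code table is the standard AD one; the note about the service bind account reflects what Paul describes above.

```python
import re

# Well-known sub-codes Active Directory appends after "data" in an
# LDAP result code 49 (invalidCredentials) bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password for an existing account)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Shape of the diagnostic message AD returns on a failed bind, as seen
# in the Flowable WARN line quoted in the thread.
_AD_ERR = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<hresult>[0-9A-Fa-f]+): LdapErr: "
    r"DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)

def decode_ad_bind_error(line):
    """Return a dict describing the AD bind failure in a log line, else None."""
    m = _AD_ERR.search(line)
    if m is None:
        return None
    data = m.group("data").lower()
    return {
        "result_code": int(m.group("code")),
        "comment": m.group("comment"),
        "data": data,
        "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
        # Flowable binds with flowable.idm.ldap.user / .password to search
        # the directory, so a 52e may belong to that service account rather
        # than to the person typing into the login form.
        "accounts_to_check": ["flowable.idm.ldap.user", "login user"],
    }

# The WARN line from the thread, wrapped here only for width.
SAMPLE_LOG = (
    "2020-03-23 08:28:59.523  WARN 1 --- [nio-8080-exec-2] "
    "o.f.l.LDAPConnectionUtil : Could not create InitialDirContext for "
    "LDAP connection: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]"
)

if __name__ == "__main__":
    print(decode_ad_bind_error(SAMPLE_LOG))
```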

Hey, I found the solution in the meantime.

I needed to specify all these properties, and not only the two referencing my user:


All applications are now normally accessible.
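As an added check (example code, not from the thread or from Flowable) for the fix just described: a small validator that parses a `docker run --env-file` file and reports which of the admin account settings are missing, plus the LDAP bind settings when LDAP is enabled. The key names are the environment-variable form of Flowable’s flowable.idm.app.admin.* and flowable.idm.ldap.* properties; the server, DN and password values in the sample are constructed placeholders.

```python
# Flowable's flowable.idm.app.admin.* and flowable.idm.ldap.* properties in
# the environment-variable form that `docker run --env-file` passes through.
REQUIRED_ADMIN_KEYS = (
    "FLOWABLE_IDM_APP_ADMIN_USER_ID",
    "FLOWABLE_IDM_APP_ADMIN_PASSWORD",
    "FLOWABLE_IDM_APP_ADMIN_FIRST_NAME",
    "FLOWABLE_IDM_APP_ADMIN_LAST_NAME",
    "FLOWABLE_IDM_APP_ADMIN_EMAIL",
)
REQUIRED_LDAP_KEYS = (
    "FLOWABLE_IDM_LDAP_SERVER",
    "FLOWABLE_IDM_LDAP_PORT",
    "FLOWABLE_IDM_LDAP_USER",
    "FLOWABLE_IDM_LDAP_PASSWORD",
    "FLOWABLE_IDM_LDAP_BASE_DN",
)

def parse_env_file(text):
    """Parse docker --env-file syntax: KEY=VALUE per line, '#' comments.
    Only the first '=' splits, so DNs such as CN=x,DC=y survive intact."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip()
    return env

def check_flowable_env(env):
    """Return a list of problems; empty means admin + LDAP settings are complete."""
    problems = [f"missing {k}" for k in REQUIRED_ADMIN_KEYS if not env.get(k)]
    if env.get("FLOWABLE_IDM_LDAP_ENABLED", "false").lower() == "true":
        problems += [f"missing {k} (LDAP is enabled)"
                     for k in REQUIRED_LDAP_KEYS if not env.get(k)]
        # On first start IDM grants access-idm/admin/modeler/task to the
        # admin user id; with LDAP on, that id has to be a directory account.
    return problems

# Constructed sample: LDAP is on but only the admin e-mail is set.
INCOMPLETE_ENV = """\
FLOWABLE_IDM_LDAP_ENABLED=true
FLOWABLE_IDM_LDAP_SERVER=ldap://ad.example.test
FLOWABLE_IDM_LDAP_PORT=389
FLOWABLE_IDM_LDAP_USER=CN=svc-flowable,OU=Service,DC=example,DC=test
FLOWABLE_IDM_LDAP_PASSWORD=placeholder-bind-password
FLOWABLE_IDM_LDAP_BASE_DN=DC=example,DC=test
FLOWABLE_IDM_APP_ADMIN_EMAIL=admin@flowable.org
"""

if __name__ == "__main__":
    for problem in check_flowable_env(parse_env_file(INCOMPLETE_ENV)):
        print(problem)
```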

Glad to hear it’s resolved. Thanks for reporting the outcome.



I added the same configuration to my docker configuration file, but it is not solving the issue. Configuration:

- FLOWABLE_IDM_APP_ADMIN_EMAIL=admin@flowable.org

Can you please help me with this?


I am facing the same issue. Can you please help me get a sample docker configuration file with LDAP?