User list is not population when try to assign a task

hegde89 · March 23, 2021, 3:36pm

we are using the keyclock for authentication with AzureAD, we hosted the application inside the AKS
when we are trying to assign the user to a task, the registered user list is not getting populating.

API is giving the bellow error
General
Request URL: https://baseURL/flowable-ui/app/rest/workflow-users?filter=b
Request Method: GET
Status Code: 500
Remote Address: 20.67.127.93:443
Referrer Policy: strict-origin-when-cross-origin

Response Header
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: application/json
date: Tue, 23 Mar 2021 15:27:56 GMT
expires: 0
pragma: no-cache
server: istio-envoy
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
x-envoy-upstream-service-time: 13
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Request Header
:authority: baseURL
:method: GET
:path: /flowable-ui/app/rest/workflow-users?filter=b
:scheme: https
accept: application/json, text/plain, /
accept-encoding: gzip, deflate, br
accept-language: en-GB,en;q=0.9
cache-control: no-cache, no-store, must-revalidate
cookie: JSESSIONID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
expires: 0
pragma: no-cache
referer: https://baseURL/flowable-ui/workflow/
sec-ch-ua: " Not A;Brand";v=“99”, “Chromium”;v=“90”, “Microsoft Edge”;v=“90”
sec-ch-ua-mobile: ?0
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.30 Safari/537.36 Edg/90.0.818.14

Repose
{timestamp: “2021-03-23T15:27:56.364+00:00”, status: 500, error: “Internal Server Error”, message: “”,…}
error: “Internal Server Error”
message: “”
path: “/flowable-ui/app/rest/workflow-users”
status: 500
timestamp: “2021-03-23T15:27:56.364+00:00”

any help here please

yvo · March 23, 2021, 3:40pm

Hi…

first; when there is a 500 there will probably be error logging on the server.
Can you provide that?

Yvo

hegde89 · April 19, 2021, 5:20pm

Hi @yvo

we are able to see this log when we click on assignee

 2021-04-19 17:19:09.575 ERROR 1 --- [io-8080-exec-39] a.c.c.C.[.[.[.[Flowable IDM App Servlet] : Servlet.service() for servlet [Flowable IDM App Servlet] in context with path [/flowable-ui] threw exception [Request processing failed; nested exception is org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 Unauthorized: [no body]] with root cause

org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 Unauthorized: [no body]

hegde89 · April 19, 2021, 5:24pm

the following variable we are settingup

- env:
    - name: SERVER_PORT
      value: "8080"
    - name: SPRING_DATASOURCE_DRIVER-CLASS-NAME
      value: org.postgresql.Driver
    - name: SPRING_DATASOURCE_URL
      value: jdbc:postgresql://<databaseName>:5432/flowablembvstage
    - name: SPRING_DATASOURCE_USERNAME
      value: <databaseUserName>
    - name: SPRING_DATASOURCE_PASSWORD
      value: <Password>
    - name: FLOWABLE_COMMON_APP_IDM-ADMIN_USER
      value: admin
    - name: FLOWABLE_COMMON_APP_IDM-ADMIN_PASSWORD
      value: test
    - name: SPRING.SECURITY.OAUTH2.RESOURCESERVER.JWT.ISSUER-URI
      value: https://dnsName/auth/realms/Flowable
    - name: SPRING.SECURITY.OAUTH2.CLIENT.REGISTRATION.KEYCLOAK.CLIENT-ID
      value: flowable-client
    - name: SPRING.SECURITY.OAUTH2.CLIENT.REGISTRATION.KEYCLOAK.CLIENT-SECRET
      value: 5a63612b-c419-40fe-8d01-2f91689bb4c0
    - name: SPRING.SECURITY.OAUTH2.CLIENT.REGISTRATION.KEYCLOAK.AUTHORIZATION-GRANT-TYPE
      value: authorization_code
    - name: SPRING.SECURITY.OAUTH2.CLIENT.PROVIDER.KEYCLOAK.ISSUER-URI
      value: https://dnsName/auth/realms/Flowable
    - name: SPRING.SECURITY.OAUTH2.CLIENT.PROVIDER.KEYCLOAK.USER-NAME-ATTRIBUTE
      value: preferred_username
    - name: FLOWABLE_IDM_APP_KEYCLOAK_ENABLED
      value: "true"
    - name: FLOWABLE_IDM_APP_KEYCLOAK_SERVER
      value: https://dnsName
    - name: FLOWABLE_IDM_APP_KEYCLOAK_AUTHENTICATION-REALM
      value: master
    - name: FLOWABLE_IDM_APP_KEYCLOAK_AUTHENTICATION-USER
      value: mbvadmin
    - name: FLOWABLE_IDM_APP_KEYCLOAK_AUTHENTICATION-PASSWORD
      value: password
    - name: FLOWABLE_IDM_APP_KEYCLOAK_REALM
      value: Flowable
    - name: FLOWABLE.COMMON.APP.SECURITY.TYPE
      value: OAUTH2
    - name: FLOWABLE.COMMON.APP.SECURITY.OAUTH2.AUTHORITIES-ATTRIBUTE
      value: groups
    - name: FLOWABLE.COMMON.APP.SECURITY.OAUTH2.GROUPS-ATTRIBUTE
      value: userGroups
    - name: logging.level.org.flowable
      value: DEBUG
    image: flowable/flowable-ui:6.6.0

yvo · April 20, 2021, 6:17am

can you share a bit more logging?
It’s hard to pinpoint where the issue originates.
It looks like no credentials are being set on a request.

hegde89 · April 20, 2021, 1:16pm

@yvo thanks for pointing out the issue. yes one extra character was added by mistake in IDM variable
issue has been resolved

Topic		Replies	Views
REST API /runtime/tasks not working with candidateUser? Flowable Engine	9	1703	February 14, 2020
Keycloak for Task assignment Flowable Engine	7	61	August 30, 2024
User task not getting assigned to anyone Flowable Engine	10	1969	February 1, 2019
Flowable Keycloak all usersare added to all groups BUG Flowable Engine	4	808	January 18, 2023
Querying candidate users / groups from TaskService Flowable Engine	0	882	January 17, 2020

User list is not population when try to assign a task

Related topics