Access mode: direct 
Database: mariadb 10
I abandoned tries with Flowable a few months ago following very weirds behaviours which I describe afterwards.
Sincerely speaking, it’s banging your head against the walls.
To summarize, only admin account works correctly when it works.
Consequently, the software cannot be put in users’ hands this way.
- It’s always possible to connect to -idm portal even for non-admin accounts as soon as they are allowed (through privileges) to connect to -idm.
For other modules (-modeler, -task, -admin) to be reachable, points (2) and sometimes (3) are needed.
Admin password needs to be specified in the docker-compose.yml file.
- FLOWABLE_COMMON_APP_IDM-ADMIN_PASSWORD=< password > 
And, thereafter, ONLY admin can access modeler, tasks and admin modules.
Even if other accounts are allowed through privileges to manage these modules, it’s a never-ending loop back to the login page.
And sometimes it doesn’t work anymore: impossible, even for the admin to connect, except (1), always, on the -idm portal. For what reason ? Don’t know.
In this case, something amongst:
- FLOWABLE.REST.APP.ADMIN.USER-ID=rest-admin - FLOWABLE.REST.APP.ADMIN.PASSWORD=< password > - FLOWABLE.REST.APP.ADMIN.PASSWORD=test - FLOWABLE.REST.APP.ADMIN.FIRST-NAME=Rest - FLOWABLE.REST.APP.ADMIN.LAST-NAME=Admin
or, maybe, some of the
- FLOWABLE_ADMIN_APP_SERVER-CONFIG_APP_* variables
need to be activated to unblock the situation.
Once unblocked, only
- FLOWABLE_COMMON_APP_IDM-ADMIN_PASSWORD=< password >
Please note that before the unblocking, no module is working at all (but -idm of course).
- Moreover, in order to work admin password has to be in clear in a configuration file (docker-compose.yml). Very unsecure.
BTW, passwords are also in clear in the database. Another unsecure feature.
Can someone explains why such quirky behaviours exist in this product?
Despite that, it’s an amazing product that has the big advantage of gathering everything in the same location: engine, designing, management and administration.
 Initially Flowable was behind a nginx but, in order to tell pb apart, it’s now direct.
 The admin password is no more the orginal one.