Uploaded image for project: 'jBPM'
  1. jBPM
  2. JBPM-8673

Error thrown in KeyCloak integration: Kie Server managed by Business Central

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Explained
    • Affects Version/s: 7.24.0.Final
    • Fix Version/s: None
    • Component/s: KieServer
    • Labels:
      None
    • Environment:

      jBPM 7.24.0 - jbpm-server-7.24.0.Final-dist.zip

      Keycloak 4.8.3 and also 6.0.1 (can be reproduced with both)

      keycloak-4.8.3.Final.zip
      keycloak-wildfly-adapter-dist-4.8.3.Final.zip

    • Steps to Reproduce:
      Hide

      Unzip a clean jBPM 7.24.0;
      Unzip a clean Keycloak 4.8.3;

      Install adapter in jbpm:
      Unzip and install keycloak-wildfly-adapter-dist-4.8.3.Final.zip in the jBPM 7.24.0 folder;
      → bin/jboss-cli.sh --file=bin/adapter-install-offline.cli

      Start KC:
      ./bin/standalone.sh -Djboss.socket.binding.port-offset=100

      Import attached realm kie_realm.json;
      It contains 2 clients, one for kie-server and one for business central;

      Use the attached standalone.xml in your jbpm installation;
      Modifications:
      Added the two secure deployments
      Added system properties for connectivity (same user/pass configured on KC)

              <property name="org.kie.server.user" value=""/>
              <property name="org.kie.server.pwd" value=""/>
              <property name="org.kie.server.controller.user" value=""/>
              <property name="org.kie.server.controller.pwd" value=""/>
      

      Start jbpm:
      ./bin/standalone.sh

      Following error appears when kie server tries to connect to bc:

      23:46:29,346 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /business-central/rest/controller/server/sample-server: java.lang.IllegalStateException: Should never be called in Keycloak flow
      	at org.keycloak.keycloak-undertow-adapter@4.8.3.Final//org.keycloak.adapters.undertow.KeycloakServletExtension$2.verify(KeycloakServletExtension.java:167)
      	at io.undertow.core@2.0.13.Final//io.undertow.security.impl.SecurityContextImpl.login(SecurityContextImpl.java:198)
      	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.spec.HttpServletRequestImpl.login(HttpServletRequestImpl.java:483)
      	at deployment.business-central.war//org.uberfire.ext.security.server.ServletSecurityAuthenticationService.login(ServletSecurityAuthenticationService.java:69)
      	at deployment.business-central.war//org.uberfire.ext.security.server.ServletSecurityAuthenticationService$Proxy$_$$_WeldClientProxy.login(Unknown Source)
      	at deployment.business-central.war//org.uberfire.ext.security.server.BasicAuthSecurityFilter.authenticate(BasicAuthSecurityFilter.java:157)
      	at deployment.business-central.war//org.uberfire.ext.security.server.BasicAuthSecurityFilter.doFilter(BasicAuthSecurityFilter.java:94)
      	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      	at deployment.business-central.war//org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:110)
      	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      	at deployment.business-central.war//org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:70)
      	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      
      Show
      Unzip a clean jBPM 7.24.0; Unzip a clean Keycloak 4.8.3; Install adapter in jbpm: Unzip and install keycloak-wildfly-adapter-dist-4.8.3.Final.zip in the jBPM 7.24.0 folder; → bin/jboss-cli.sh --file=bin/adapter-install-offline.cli Start KC: ./bin/standalone.sh -Djboss.socket.binding.port-offset=100 Import attached realm kie_realm.json; It contains 2 clients, one for kie-server and one for business central; Use the attached standalone.xml in your jbpm installation; Modifications: Added the two secure deployments Added system properties for connectivity (same user/pass configured on KC) <property name="org.kie.server.user" value=""/> <property name="org.kie.server.pwd" value=""/> <property name="org.kie.server.controller.user" value=""/> <property name="org.kie.server.controller.pwd" value=""/> Start jbpm: ./bin/standalone.sh Following error appears when kie server tries to connect to bc: 23:46:29,346 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /business-central/rest/controller/server/sample-server: java.lang.IllegalStateException: Should never be called in Keycloak flow at org.keycloak.keycloak-undertow-adapter@4.8.3.Final//org.keycloak.adapters.undertow.KeycloakServletExtension$2.verify(KeycloakServletExtension.java:167) at io.undertow.core@2.0.13.Final//io.undertow.security.impl.SecurityContextImpl.login(SecurityContextImpl.java:198) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.spec.HttpServletRequestImpl.login(HttpServletRequestImpl.java:483) at deployment.business-central.war//org.uberfire.ext.security.server.ServletSecurityAuthenticationService.login(ServletSecurityAuthenticationService.java:69) at deployment.business-central.war//org.uberfire.ext.security.server.ServletSecurityAuthenticationService$Proxy$_$$_WeldClientProxy.login(Unknown Source) at deployment.business-central.war//org.uberfire.ext.security.server.BasicAuthSecurityFilter.authenticate(BasicAuthSecurityFilter.java:157) at deployment.business-central.war//org.uberfire.ext.security.server.BasicAuthSecurityFilter.doFilter(BasicAuthSecurityFilter.java:94) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at deployment.business-central.war//org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:110) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at deployment.business-central.war//org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:70) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      When integrating jBPM with Keycloak, and using a Kie Server managed by Business Central, the following error is thrown (full logs attached):

      23:17:11,447 ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /business-central/rest/controller/server/sample-server: java.lang.IllegalStateException: Should never be called in Keycloak flow

      Business Central can be accessed with configured used in KC.
      Kie Server can be accessed with configured used in KC.
      But Business Central cannot control Kie Server.

        Gliffy Diagrams

          Attachments

          1. kie_realm.json
            54 kB
          2. server.log
            292 kB
          3. standalone.xml
            33 kB

            Issue Links

              Activity

                People

                • Assignee:
                  elguardian Enrique González Martínez
                  Reporter:
                  karina.varela Karina Varela
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: