Uploaded image for project: 'jBPM'
  1. jBPM
  2. JBPM-8673

Error thrown in KeyCloak integration: Kie Server managed by Business Central

    XMLWordPrintable

Details

    • Bug
    • Resolution: Not a Bug
    • Major
    • None
    • 7.24.0.Final
    • KieServer
    • None
    • NEW
    • NEW
    • Hide

      Unzip a clean jBPM 7.24.0;
      Unzip a clean Keycloak 4.8.3;

      Install adapter in jbpm:
      Unzip and install keycloak-wildfly-adapter-dist-4.8.3.Final.zip in the jBPM 7.24.0 folder;
      → bin/jboss-cli.sh --file=bin/adapter-install-offline.cli

      Start KC:
      ./bin/standalone.sh -Djboss.socket.binding.port-offset=100

      Import attached realm kie_realm.json;
      It contains 2 clients, one for kie-server and one for business central;

      Use the attached standalone.xml in your jbpm installation;
      Modifications:
      Added the two secure deployments
      Added system properties for connectivity (same user/pass configured on KC)

              <property name="org.kie.server.user" value=""/>
        <property name="org.kie.server.pwd" value=""/>
        <property name="org.kie.server.controller.user" value=""/>
        <property name="org.kie.server.controller.pwd" value=""/>

      Start jbpm:
      ./bin/standalone.sh

      Following error appears when kie server tries to connect to bc:

      23:46:29,346 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /business-central/rest/controller/server/sample-server: java.lang.IllegalStateException: Should never be called in Keycloak flow
	at org.keycloak.keycloak-undertow-adapter@4.8.3.Final//org.keycloak.adapters.undertow.KeycloakServletExtension$2.verify(KeycloakServletExtension.java:167)
	at io.undertow.core@2.0.13.Final//io.undertow.security.impl.SecurityContextImpl.login(SecurityContextImpl.java:198)
	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.spec.HttpServletRequestImpl.login(HttpServletRequestImpl.java:483)
	at deployment.business-central.war//org.uberfire.ext.security.server.ServletSecurityAuthenticationService.login(ServletSecurityAuthenticationService.java:69)
	at deployment.business-central.war//org.uberfire.ext.security.server.ServletSecurityAuthenticationService$Proxy$_$$_WeldClientProxy.login(Unknown Source)
	at deployment.business-central.war//org.uberfire.ext.security.server.BasicAuthSecurityFilter.authenticate(BasicAuthSecurityFilter.java:157)
	at deployment.business-central.war//org.uberfire.ext.security.server.BasicAuthSecurityFilter.doFilter(BasicAuthSecurityFilter.java:94)
	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at deployment.business-central.war//org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:110)
	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at deployment.business-central.war//org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:70)
	at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      Show
      Unzip a clean jBPM 7.24.0; Unzip a clean Keycloak 4.8.3; Install adapter in jbpm: Unzip and install keycloak-wildfly-adapter-dist-4.8.3.Final.zip in the jBPM 7.24.0 folder; → bin/jboss-cli.sh --file=bin/adapter-install-offline.cli Start KC: ./bin/standalone.sh -Djboss.socket.binding.port-offset=100 Import attached realm kie_realm.json; It contains 2 clients, one for kie-server and one for business central; Use the attached standalone.xml in your jbpm installation; Modifications: Added the two secure deployments Added system properties for connectivity (same user/pass configured on KC) <property name="org.kie.server.user" value=""/> <property name="org.kie.server.pwd" value=""/> <property name="org.kie.server.controller.user" value=""/> <property name="org.kie.server.controller.pwd" value=""/> Start jbpm: ./bin/standalone.sh Following error appears when kie server tries to connect to bc: 23:46:29,346 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /business-central/rest/controller/server/sample-server: java.lang.IllegalStateException: Should never be called in Keycloak flow at org.keycloak.keycloak-undertow-adapter@4.8.3.Final//org.keycloak.adapters.undertow.KeycloakServletExtension$2.verify(KeycloakServletExtension.java:167) at io.undertow.core@2.0.13.Final//io.undertow.security.impl.SecurityContextImpl.login(SecurityContextImpl.java:198) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.spec.HttpServletRequestImpl.login(HttpServletRequestImpl.java:483) at deployment.business-central.war//org.uberfire.ext.security.server.ServletSecurityAuthenticationService.login(ServletSecurityAuthenticationService.java:69) at deployment.business-central.war//org.uberfire.ext.security.server.ServletSecurityAuthenticationService$Proxy$_$$_WeldClientProxy.login(Unknown Source) at deployment.business-central.war//org.uberfire.ext.security.server.BasicAuthSecurityFilter.authenticate(BasicAuthSecurityFilter.java:157) at deployment.business-central.war//org.uberfire.ext.security.server.BasicAuthSecurityFilter.doFilter(BasicAuthSecurityFilter.java:94) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at deployment.business-central.war//org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:110) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at deployment.business-central.war//org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:70) at io.undertow.servlet@2.0.13.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

    Description

      When integrating jBPM with Keycloak, and using a Kie Server managed by Business Central, the following error is thrown (full logs attached):

      23:17:11,447 ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /business-central/rest/controller/server/sample-server: java.lang.IllegalStateException: Should never be called in Keycloak flow

      Business Central can be accessed with configured used in KC.
      Kie Server can be accessed with configured used in KC.
      But Business Central cannot control Kie Server.

      Attachments

        1. kie_realm.json
          54 kB
          Karina Varela
        2. server.log
          292 kB
          Karina Varela
        3. standalone.xml
          33 kB
          Karina Varela

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. RHPAM-2277 Error thrown in KeyCloak integration: Kie Server managed by Business Central

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              elguardian@gmail.com Enrique González Martínez (Inactive)
              kvarela@redhat.com Karina Varela (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: