
I have successfully installed and configured JBPM 7.40.0 and Keycloak 11.0.0 on the same server instance as per the documentation. I can successfully do GET http://myserver/kie-server/services/rest/server using basic authentication. Performing the same call with a JWT token I successfully got from Keycloak, however, results in Unauthorized. As the same user authenticates via Basic Authentication, the roles are fine. Why is OAuth failing? Do I need to configure something on my JBPM install to get it to run?

Note that I am running the kie server and business central on the same WildFly instance.

1 Answer


I enabled http logging on WildFly as described here and my mistake became apparent. The secure deployment targeting the war file under consideration within the keycloak subsystem in the standalone.xml had the auth-server-url with protocol http. I was retrieving the token from Keycloak via https. The following error then appeared:

Expected 'http://kc-server/auth/realms/my-realm', but was 'https://kc-server/auth/realms/my-realm'"

Retrieving the token via http resolved the issue. Truthfully, I should rather configure WildFly to use https; however, as I am using self-signed certificates, I found it easier initially to just use http.
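
The issuer comparison behind that error can be reproduced offline before touching the server. This is an added example, not part of the original answer and not Keycloak adapter code. It assumes the expected issuer is the configured auth-server-url followed by /realms/ and the realm name, as the URLs in the error message suggest; the function names are hypothetical and the token is a constructed, unsigned sample.

```python
import base64
import json
from urllib.parse import urlsplit


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload without verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated parts")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def expected_issuer(auth_server_url: str, realm: str) -> str:
    """Realm URL built from the auth-server-url and realm settings (assumed layout)."""
    return auth_server_url.rstrip("/") + "/realms/" + realm


def diagnose_issuer(token: str, auth_server_url: str, realm: str) -> str:
    """Compare the token's iss claim with the configured realm URL and name the difference."""
    expected = expected_issuer(auth_server_url, realm)
    actual = jwt_claims(token).get("iss")
    if actual is None:
        return "token has no iss claim"
    if actual == expected:
        return "ok"
    exp, act = urlsplit(expected), urlsplit(actual)
    if exp.scheme != act.scheme:
        return f"scheme mismatch: configured {exp.scheme}, token {act.scheme}"
    if exp.netloc != act.netloc:
        return f"host mismatch: configured {exp.netloc}, token {act.netloc}"
    return f"path mismatch: configured {exp.path}, token {act.path}"


def make_sample_token(issuer: str) -> str:
    """Constructed, unsigned sample token for the demo; not a real Keycloak token."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"iss": issuer, "sub": "demo"}), "sig"])


if __name__ == "__main__":
    # Token fetched over https, adapter configured with http: the case in this answer.
    token = make_sample_token("https://kc-server/auth/realms/my-realm")
    print(diagnose_issuer(token, "http://kc-server/auth", "my-realm"))
```

The decode step skips signature verification on purpose, so it is only suitable for inspecting claims while debugging, never for accepting a token.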