Hyland Connect

shadyuser · ‎08-24-2018

I am using the aps 1.9. i have integrated aps with keycloak. i am able to log in only if user is available in both aps and keycloak. so, how to sync aps(users) with keycloak?

bassam_al-saror · ‎08-28-2018

Have a look at this post it might be useful

SwazzyNotes, Designs, and SolutionsUser Synchronization in APS from Keycloak

View answer in original post

shadyuser · ‎09-05-2018

I got one issue when trying the above suggestion. After syncing with keycloak, it is creating one more entry in the USER table. ie there are two entries with same email id(admin@app.activiti.com). so i am getting error (below)

javax.persistence.NonUniqueResultException: result returns more than one elements

To avoid this problem, i was trying like the above.

bassam_al-saror · ‎09-05-2018

hmm.. the admin user needs to be always created in APS. In case of LDAP sync that didn't cause any issues. I guess that you shouldn't create that user in Keycloak. You can set another user to have super admin permissions.

shadyuser · ‎09-05-2018

How can i set super user permission?.

i can add one entry in db manually. but is it a correct approach?. can i use this approach in production Machine ?.

bassam_al-saror · ‎09-06-2018

You might have to write extension code or maybe the custom sync code should make sure to grant a specific user super admin permissions.

shadyuser · ‎09-06-2018

thanks the suggestion Bassam Al-Sarori‌.

Actually, we are having one app in production which was deployed in admin user(admin@app.activiti.com). Now client wants multiple AD support to our application. So we are going with keycloak approach. I am planning sync all the users except admin user from keycloak. is it a correct approach. can you please suggest what kind of approach i have follow?

bassam_al-saror · ‎09-06-2018

Not synchronising the admin user seems the only solution for now.