Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

KeycloakPlugin freezes Camunda Platform when user claims task

See original GitHub issue



Camunda Platform Run 7.15.0 KeycloackIdentifyProviderPlugin 2.1.0 Keycloak 13

I am not sure anymore that the refresh token thing has something to do with this, so we can probably close #68 as it is only a finding while actually investigating this issue: Everything is fine, until I claim my first user task. The UI does not respond to the claim, but in database, I can verify that I am the assigne. Also in camunda cockpit I am the assignee: image

Also in Task Authorization, I can see that I have ALL rights to the task. image

But I cannot work on the task. From that time on, opening the task list crashes the database access after 30 seconds:

2021-07-14T19:17:46.097265933Z org.springframework.transaction.CannotCreateTransactionException: Could not open JDBC Connection for transaction; nested exception is java.sql.SQLTransientConnectionException: HikariPool-1 - Connection is not available, request timed out after 30000ms.
2021-07-14T19:17:46.097270122Z 	at org.springframework.jdbc.datasource.DataSourceTransactionManager.doBegin( ~[spring-jdbc-5.3.4.jar!/:5.3.4]
2021-07-14T19:17:46.097274053Z 	at ~[spring-tx-5.3.4.jar!/:5.3.4]
2021-07-14T19:17:46.097277851Z 	at ~[spring-tx-5.3.4.jar!/:5.3.4]
2021-07-14T19:17:46.097281325Z 	at ~[spring-tx-5.3.4.jar!/:5.3.4]
2021-07-14T19:17:46.097284797Z 	at org.camunda.bpm.engine.spring.SpringTransactionInterceptor.execute( ~[camunda-engine-spring-7.15.0.jar!/:7.15.0]
2021-07-14T19:17:46.097288112Z 	at org.camunda.bpm.engine.impl.interceptor.ProcessApplicationContextInterceptor.execute( ~[camunda-engine-7.15.0.jar!/:7.15.0]
2021-07-14T19:17:46.097291475Z 	at org.camunda.bpm.engine.impl.interceptor.CommandCounterInterceptor.execute( ~[camunda-engine-7.15.0.jar!/:7.15.0]
2021-07-14T19:17:46.097294805Z 	at org.camunda.bpm.engine.impl.interceptor.LogInterceptor.execute( ~[camunda-engine-7.15.0.jar!/:7.15.0]
2021-07-14T19:17:46.097310237Z 	at org.camunda.bpm.engine.impl.IdentityServiceImpl.isReadOnly( ~[camunda-engine-7.15.0.jar!/:7.15.0]
2021-07-14T19:17:46.097314066Z 	at org.camunda.bpm.webapp.impl.engine.ProcessEnginesFilter.needsInitialUser( ~[camunda-webapp-7.15.0-classes.jar:7.15.0]
2021-07-14T19:17:46.097318850Z 	at org.camunda.bpm.webapp.impl.engine.ProcessEnginesFilter.serveIndexPage( ~[camunda-webapp-7.15.0-classes.jar:7.15.0]
2021-07-14T19:17:46.097322545Z 	at org.camunda.bpm.webapp.impl.engine.ProcessEnginesFilter.applyFilter( ~[camunda-webapp-7.15.0-classes.jar:7.15.0]
2021-07-14T19:17:46.097325836Z 	at org.camunda.bpm.webapp.impl.filter.AbstractTemplateFilter.doFilter( ~[camunda-webapp-7.15.0-classes.jar:7.15.0]
2021-07-14T19:17:46.097329121Z 	at org.camunda.bpm.spring.boot.starter.webapp.filter.LazyDelegateFilter.doFilter( ~[camunda-bpm-spring-boot-starter-webapp-core-7.15.0.jar:7.15.0]

After a few minutes, camunda platform recovers, but as soon as I open the task list, the db connection crashes again.

If I remove the assigne from the task (either through direct DB access or cockpit), I can again open the complete tasklist. But as soon as I claim a task, weirdness starts all over.

And this only happens, when I have the KeycloakPlugin installed. It works fine without it. This is so confusing 😕

Regards, Markus

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:19

github_iconTop GitHub Comments

VonDerBeckcommented, Jul 19, 2021

Hmmm… Just thinking out aloud: It says “2021-07-14T19:17:46.097265933Z org.springframework.transaction.CannotCreateTransactionException: Could not open JDBC Connection for transaction; nested exception is java.sql.SQLTransientConnectionException: HikariPool-1 - Connection is not available, request timed out after 30000ms.” So there are no database connections available any more. The plugin does nothing special with transactions. All REST queries against Keycloak might be part of an overal Camunda transaction, ok. The plugin might query authorization information which is still part of the database and not Keycloak. By setting authorizationCheckEnabled to false this is disabled.

What database do you use for Camunda? Have you configured the connection pool? What is your min size and max size?


might give you further debug info on the queries against the Identity Provider Plugin and the ones sent to Keycloak. Would be interesting to see what happens once you try to open the task list.

VonDerBeckcommented, Jul 19, 2021

The snapshot seems to have missing dependencies:

│ Caused by: java.lang.ClassNotFoundException: com.github.benmanes.caffeine.cache.Ticker                                                                                                                                                                                                                                    ││     at java.base/ ~[na:na]                                                                                                                                                                                                                                      ││     at java.base/java.lang.ClassLoader.loadClass( ~[na:na]                                                                                                                                                                                                                                           ││     at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass( ~[camunda-bpm-run-core.jar:7.15.0]                                                                                                                                                                               ││     at java.base/java.lang.ClassLoader.loadClass( ~[na:na]    

Sorry for that. So we currently can’t test it using the supposed new cache feature. The build process started to have problems with the maven shade plugin here on the community hub - which should not affect you and is a different story. So the cache feature is sadly not near to be released and will take some time. It would have been a quick identication that your Keycloak server is not that responsive…

Read more comments on GitHub >

github_iconTop Results From Across the Web

[Keycloak] Opening Tasklist crashes Camunda Run platform
Hi, I am running Camunda Platform 7.14 run on Kubernetes with Keycloak Plugin 2.0.0 We started creating User Tasks in ower process model, ......
Read more >
Keycloak Identity Provider Extension Released - Camunda
Keycloak™ is an Open Source Identity and Access Management platform including advanced features such as User Federation, Identity Brokering ...
Read more >
camunda-bpm-identity-keycloak - bytemeta
KeycloakPlugin freezes Camunda Platform when user claims task · UserId is always null when refresh token · Build Pipeline: Deploy artifacts doesn't work...
Read more >
Login not working with camunda-bpm-identity-keycloak plugin
-> in the default request header to: http://localhost:8080/camunda/api/admin/auth/user/default there is a status: 404 and the log in from ...
Read more >
camunda-bpm-identity-keycloak from camunda-community-hub
Camunda Platform 7 - Keycloak Identity Provider Plugin ... This is e.g. cause by open user list, press the claim button in the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found