I got one issue when trying the above suggestion. After syncing with keycloak, it is creating one more entry in the USER table. ie there are two entries with same email id(admin@app.activiti.com). so i am getting error (below)
javax.persistence.NonUniqueResultException: result returns more than one elements
To avoid this problem, i was trying like the above.
hmm.. the admin user needs to be always created in APS. In case of LDAP sync that didn't cause any issues. I guess that you shouldn't create that user in Keycloak. You can set another user to have super admin permissions.
How can i set super user permission?.
i can add one entry in db manually. but is it a correct approach?. can i use this approach in production Machine ?.
You might have to write extension code or maybe the custom sync code should make sure to grant a specific user super admin permissions.
thanks the suggestion Bassam Al-Sarori.
Actually, we are having one app in production which was deployed in admin user(admin@app.activiti.com). Now client wants multiple AD support to our application. So we are going with keycloak approach. I am planning sync all the users except admin user from keycloak. is it a correct approach. can you please suggest what kind of approach i have follow?
Not synchronising the admin user seems the only solution for now.
Ask for and offer help to other Alfresco Process Services and Activiti Users and members of the Alfresco team.
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.