Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

此内容没有您所选择的语言版本。

12.2. Intelligent Process Server Authentication through RH-SSO

The Red Hat JBoss BPM Suite Intelligent Process Server provides a REST API for third-party clients. You can integrate the Intelligent Process Server with RH-SSO to delegate the third-party clients identity management to the RH-SSO server.

Once you have created a realm client for Business Central and set up the RH-SSO client adapter for EAP, you can repeat the same steps to integrate the Intelligent Process Server with RH-SSO.

To create a new client on your already created realm on RH-SSO admin console:

Procedure: Creating a Client for the Intelligent Process Server

  1. On the RH-SSO admin console, open the security realm that you created.

  2. Click Client tab from the main menu and click Create.

    The Add Client page opens.

  3. On the Add Client page, provide the required information to create a new client for your realm. For example:

    • Client ID: kie-execution-server
    • Root URL: http://localhost:8080/kie-server
    • Client protocol: openid-connect
  4. Navigate to the Credentials tab and copy the secret key and and paste it on the kie-execution-server client configuration screen.

  5. Click Save to save your changes.

    Once you create a new client, its access value is public by default. Change it to confidential.

To consume the Intelligent Process Server remote service endpoints, you must first create and assign the kie-server role in the RH-SSO admin console.

Procedure: Setting Up the Intelligent Process Server

  1. Navigate to EAP_HOME/standalone/configuration in your EAP installation and edit standalone.xml to add the RH-SSO subsystem configuration. For example: 

    <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
  <secure-deployment name="kie-server.war">
     <realm>demo</realm>
     <realm-public-key>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</realm-public-key>
     <auth-server-url>http://localhost:8180/auth</auth-server-url>
     <ssl-required>external</ssl-required>
     <resource>kie-execution-server</resource>
     <enable-basic-auth>true</enable-basic-auth>
     <credential name="secret">03c2b267-7f64-4647-8566-572be673f5fa</credential>
     <principal-attribute>preferred_username</principal-attribute>
  </secure-deployment>
</subsystem>

<system-properties>
  <property name="org.kie.server.sync.deploy" value="false"/>
</system-properties>
    Copy to Clipboard Toggle word wrap

    Here,

    • secure-deployment name: Name of your application WAR file.
    • realm: Name of the realm that you created for the applications to use.
    • realm-public-key: The public key of the realm you created. You can
    • find it in the Keys tab in the Realm settings page of the realm you created in the RH-SSO admin console. If you do not provide a value for this public key, the server retrieves it automatically.
    • auth-server-url: The URL for the RH-SSO authentication server.
    • resource: The name for the server client that you created.
    • enable-basic-auth: The setting to enable basic authentication mechanism, so that the clients can use both token-based and basic authentication approaches to perform the requests.
    • credential name: The secret key of the server client you created. You can find it in the Credentials tab on the Clients page of the RH-SSO admin console.
    • principal-attribute: The login name of the user. If you do not provide this value, your User Id is displayed in the application instead of your user name.
  2. Save your configuration changes in standalone.xml.

  3. Use the following command to restart the EAP server and run the Intelligent Process Server. 

    EXEC_SERVER_HOME/bin/standalone.sh -Dorg.kie.server.id=<ID> -Dorg.kie.server.user=<USER> -Dorg.kie.server.pwd=<PWD> -Dorg.kie.server.location=<LOCATION_URL> -Dorg.kie.server.controller=<CONTROLLER_URL> -Dorg.kie.server.controller.user=<CONTROLLER_USER> -Dorg.kie.server.controller.pwd=<CONTOLLER_PASSWORD>
    Copy to Clipboard Toggle word wrap

    Here is an example: 

    EXEC_SERVER_HOME/bin/standalone.sh -Dorg.kie.server.id=kieserver1 -Dorg.kie.server.user=kieserver -Dorg.kie.server.pwd=password -Dorg.kie.server.location=http://localhost:8080/kie-server/services/rest/server -Dorg.kie.server.controller=http://localhost:8080/business-central/rest/controller -Dorg.kie.server.controller.user=kiecontroller -Dorg.kie.server.controller.pwd=password
    Copy to Clipboard Toggle word wrap

  4. Once the Intelligent Process Server is running, you can check the server status using the following command: 

    curl http://kieserver:password@localhost:8080/kie-server/services/rest/server/
    Copy to Clipboard Toggle word wrap
Note

Token-based authorization is also supported for communication between Business Central and the Intelligent Process Server. Additionally, you can use the complete token as system property (instead of username and password) for your applications. However, you must ensure that the token does not expire for the period of interaction between the applications, as it is not automatically refreshed.

返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat