Handling login on Jmix + WordPress using an IAM


I am building a web application with Jmix Framework, but I’m currently stuck at a point.
In the architecture of the portal that I’m developing, there is not only the Jmix application, but also a WordPress instance. They should act, respectively, as the backend with all the data, manageable by the application managers, and the showcase site for customers, which should also allow customers to book the services that are managed by the Jmix application - under the hood the process should be handled by using the REST API plugin.
The problem is that I would like Jmix and WordPress to share the user base; in other words, I would like to have three types of users:

  1. Jmix internal users (like the demo admin / admin user)
  2. WordPress internal users (like the website administrator)
  3. Shared users (who would use the same username and password in both platforms)

I have tried to handle this via the OpenID Connect Jmix module (and MiniOrange on the WordPress side), by using Keycloak as IAM. After many attempts, it worked, but I became locked out from logging in as the Jmix administrator user, because every time I went to the Jmix login screen, I was automatically redirected to the Keycloak login form. Besides, all the users who come from Keycloak have only one permission, which is to log in; they have no access to the data stored inside the Jmix backend, not even in read-only mode.

Can you please help me in handling this stuff?

Thank you in advance!


You may assign roles to users in Keycloak and then corresponding roles will be searched in Jmix as described here.
If you create a custom ClaimsRolesMapper you can also evaluate default roles for your users even if they don’t have roles in Keycloak, so they will be able to do anything useful, not just log in.
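
One way to write the custom ClaimsRolesMapper mentioned in the answer above, as an added example that is not code from this thread or from the Jmix project. It assumes the OIDC add-on's `BaseClaimsRolesMapper` base class, a top-level `roles` claim in the Keycloak token, and hypothetical role codes `booking-manager` and `booking-viewer` defined in the Jmix application; it goes one step beyond the answer by allowlisting claim values, so a role name set in Keycloak cannot grant an arbitrary Jmix role.

```java
package com.example.portal.security; // hypothetical package name

import io.jmix.oidc.claimsmapper.BaseClaimsRolesMapper;
import io.jmix.security.role.ResourceRoleRepository;
import io.jmix.security.role.RowLevelRoleRepository;
import org.springframework.stereotype.Component;

import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

@Component
public class PortalClaimsRolesMapper extends BaseClaimsRolesMapper {

    // Assumption: name of the token claim that carries the Keycloak roles.
    private static final String ROLES_CLAIM = "roles";
    // Hypothetical Jmix resource role codes; only these may come from the IdP.
    private static final Set<String> ALLOWED_ROLES =
            new HashSet<>(Arrays.asList("booking-manager", "booking-viewer"));
    // Least-privilege role for shared users who have no mapped role in Keycloak.
    private static final String DEFAULT_ROLE = "booking-viewer";

    public PortalClaimsRolesMapper(RowLevelRoleRepository rowLevelRoleRepository,
                                   ResourceRoleRepository resourceRoleRepository) {
        super(rowLevelRoleRepository, resourceRoleRepository);
    }

    @Override
    protected Collection<String> getResourceRolesCodes(Map<String, Object> claims) {
        Set<String> codes = new LinkedHashSet<>();
        Object raw = claims.get(ROLES_CLAIM);
        if (raw instanceof Collection) {
            for (Object value : (Collection<?>) raw) {
                // Ignore non-string entries and any role outside the allowlist.
                if (value instanceof String && ALLOWED_ROLES.contains(value)) {
                    codes.add((String) value);
                }
            }
        }
        if (codes.isEmpty()) {
            codes.add(DEFAULT_ROLE); // default role, as suggested in the answer
        }
        return codes;
    }
}
```

Keep the default role read-only and narrow, since every account that can authenticate through Keycloak receives it.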