Troubleshooting login issues
Web Modeler Self-Managed is available to enterprise customers only.
Logging in to Web Modeler doesn't work as expected and shows an error or a blank page when accessing the application.
To further debug this issue, check the log output of the modeler-restapi
and modeler-webapp
services for errors and warnings.
Unique constraint violation​
When you try to log in to Web Modeler using Keycloak as an OIDC provider, you see an error message in the modeler-restapi
logs similar to this:
org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "users_email_key"
Detail: Key (email)=(***************) already exists.
Ensure the Keycloak-managed user id didn't change​
Web Modeler uses the value of the sub
(subject) claim in the JSON Web Token (JWT) issued by the configured OIDC provider (by default Keycloak) to identify users and correlate them with their data created in Web Modeler.
It is important that this value doesn't change over time, for example when the user is deleted and re-created in Keycloak or re-imported from an external user directory, or when reinstalling/updating/switching Keycloak instances.
If the sub
claim value changes for an existing user, Web Modeler will try to create a new user record in its database for the user, which will lead to the error above when the user tries to log in.
As a workaround, you can manually update the user ID in the Web Modeler database:
- Export the users from the Keycloak database to a CSV file. The following query can be used to select the relevant data:
SELECT id, email
FROM user_entity
WHERE realm_id = 'camunda-platform' AND email IS NOT NULL; - Create a new table in the Web Modeler database:
CREATE TABLE keycloak_users (
id varchar(255),
email varchar(255)
); - Import the CSV file from Step 1 into the new
keycloak_users
table. - Update the user IDs by running the following query in the Web Modeler database:
UPDATE users u
SET iam_id = k.id
FROM keycloak_users k
WHERE k.email = u.email; - Verify that the login is working again.
- Delete the
keycloak_users
table:DROP TABLE keycloak_users;