In $designer.war/profiles/jbpm.xml file we can find the below hard coded configuration:

<externalloadurl protocol="http" host="localhost:8080" subdomain="jboss-brms/org.drools.guvnor.Guvnor/oryxeditor" usr="admin" pwd="admin"/>

So, If JBoss is bound to an IP address different than localhost, or change the authentication in $conf/props/brms-users.properties, the business process designer doesn't work. It's impossible to load or save diagrams.

Here is a reproduction procedure from Customer user case:

ISSUE:
======
OryxEditor only support admin/admin security authentication

REPRODUCE:
==========
1. install the JBoss-brms-5.3
2. change .../conf/props/brms-users.properties as below:
—
admin=admin123
—
3. start brms-5.3
4. create BPMN2 Process will receive the following error:
—
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252)
at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

—

ANALYSING:

From jbpm.xml file in the deploy/designer.war/profiles/ directory, I found the folowing:
—
<externalloadurl protocol="http" host="localhost:8080" subdomain="jboss-brms/org.drools.guvnor.Guvnor/oryxeditor" usr="admin" pwd="admin"/>
—

If we modify this, change pwd to admin123, then it can works.

What we want?
1. Is there a way for it to authenticate using the current logged in user's credentials instead of having it hard coded in the xml file?
2. How about single sign-on? I think single sign-on is preferred.