Hi, Indeed there was a configuration issue, which I've now corrected. Here is a breakdown for future readers:
Retrieving the workflow via: curl -X GET "http://host:port/syncope/rest/workflows/USER/userWorkflow" -H "accept: */*" -H "X-Syncope-Domain: Master" -H "Authorization: Basic ..." revealed the 'userTask' below which has no 'activiti:formKey' attribute. <userTask id="active" name="Active"> <extensionElements> <activiti:formProperty id="username" name="Username" type="string" expression="${user.username}" writable="false"/> <activiti:formProperty id="approve" name="Approve?" type="boolean" variable="approve" required="true"/> <activiti:formProperty id="rejectReason" name="Reason for rejecting" type="string" variable="rejectReason"/> </extensionElements> </userTask> To resolve the issue, I modified the workflow (restoring the userTask to the content-less default <userTask id="active" name="Active/> using: curl -X PUT "http://host:port/syncope/rest/workflows/USER/userWorkflow" -H "accept: */*" -H "X-Syncope-Domain: Master" -H "Authorization: Basic ..." -H "Content-Type: application/xml" -d "<?xml... Then I requested: curl -X GET "http://host:port/syncope/rest/userworkflow/forms" -H "accept: application/json" -H "X-Syncope-Domain: Master" -H "Authorization: Basic ..." which contained the null key, but also the affected new user key. [ { "username": ".....", "taskId": "7554", "key": null, "createTime": "2018-04-17T14:23:06.080+0000", "dueDate": null, "owner": null, "userTO": { "@class": "org.apache.syncope.common.lib.to.UserTO", "key": "db1ab1a4-0e2f-422e-9ab1-a40e2fb22e4a", "type": "USER", I then deleted the user with: curl -X DELETE "http://host:port/syncope/ rest/users/db1ab1a4-0e2f-422e-9ab1-a40e2fb22e4a" -H "accept: application/json" -H "Prefer: return-content" -H "X-Syncope-Domain: Master" -H "Authorization: Basic ..." and was able to login to the console to try again. Thanks as always for all your guidance. Dave