403 Forbidden when creating first Admin user

This morning I started a new Spring Boot project with the latest (7.13.0) Camunda Spring Boot Starter. The application starts up normally, but all calls to create the first admin user return a 403 Forbidden. When I add the camunda.bpm.admin-user.id/password properties to create one, all login calls fail.

  • Spring Security was not included yet, but adding it (and the authorizeRequest().anyRequest().permitAll()) didn’t work either.
  • Breakpoints in debug mode in the SetupResource file didn’t hit.

Has anyone seen this behaviour before?