Hello, I was able to successfully authenticate myself in Camunda webapps through Azure AD SSO. Now my last issue is that in any webapp, upon POST requests I see 403 forbidden, even when I’m logged in as a user with admin rights.
I have already followed this thread and configured csrf to be disabled or enabled with CookieCsrfTokenRepository.withHttpOnlyFalse() option - it didn’t help. Disabling CORS didn’t help as well.
Q: Has anyone witnessed such behaviour? Any ideas on how to solve those mysterious 403s on POST requests?
I’m using Camunda embedded in Spring Boot, so I’m really not configuring anything through XMLs. All of my HTTP requests between the webapps and the engine are within the same origin, I guess CORS should not be a problem in my case. Nevertheless I’ve tried and disabling/enabling it makes no difference in my case.
EDIT: As the problem is still there, could possibly playing around with Camunda & Spring Boot versions be a solution? I don’t really think so but I’ve been facing this issue for quite a while now and to be honest I’m running out of ideas.
So it seems like disabling CSRF or configuring it according to what was described in this post actually works.
It was my mistake that it didn’t work in the very beginning - I had disabled CSRF in the wrong configuration, one that had a lower order of execution in the Spring Boot filter chain. I applied it with higher priority and now it works like a charm. Shame that I had to spend a few days to spot such a miserable mistake.
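The ordering issue described in the resolution above, as an added example that is not part of the original post or of Camunda's code: Spring Security applies only the first filter chain whose matcher accepts a request, so CSRF settings placed on a lower-priority chain never reach the webapp requests. It assumes Spring Security 5.8 or later, OAuth2 login for the Azure AD SSO, and that the webapps are served under `/camunda/**`; the class and bean names are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
public class WebAppSecurityConfig {

    // Assumption: path under which the Camunda webapps are served.
    private static final String WEBAPP_PATH = "/camunda/**";

    // Lower @Order value = consulted first. This chain claims the webapp
    // requests, so its CSRF configuration is the one that takes effect.
    @Bean
    @Order(1)
    SecurityFilterChain webappChain(HttpSecurity http) throws Exception {
        http.securityMatcher(WEBAPP_PATH)
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults())
            // Token is exposed in a cookie readable by the webapp's JavaScript,
            // which must send it back in a header on POST/PUT/DELETE.
            .csrf(csrf -> csrf.csrfTokenRepository(
                    CookieCsrfTokenRepository.withHttpOnlyFalse()));
        return http.build();
    }

    // Catch-all chain for everything else (including the OAuth2 login
    // endpoints). CSRF settings placed only here would never apply to
    // /camunda/** because the chain above matches those requests first.
    @Bean
    @Order(2)
    SecurityFilterChain defaultChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}
```

With `logging.level.org.springframework.security=DEBUG`, a rejected POST shows up as an "Invalid CSRF token found for ..." message from `CsrfFilter`, which separates a CSRF rejection from an authorization failure.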