Hi,
I am trying to update Camunda 8.4 to Camunda 8.5, but I am facing an issue with Identity startup: when connecting to Keycloak it throws the following error. I am not sure what the issue is here… Please suggest…
Exception
java.lang.NullPointerException: Cannot invoke "io.camunda.identity.impl.keycloak.config.record.KeycloakPreset.resourceServers()" because the return value of "java.util.Map.get(Object)" is null
at io.camunda.identity.impl.keycloak.initializer.KeycloakPresetInitializer.lambda$initialiseResourceServers$0(KeycloakPresetInitializer.java:51) ~[classes!/:na]
at java.base/java.util.LinkedHashMap$LinkedKeySet.forEach(Unknown Source) ~[na:na]
at io.camunda.identity.impl.keycloak.initializer.KeycloakPresetInitializer.initialiseResourceServers(KeycloakPresetInitializer.java:50) ~[classes!/:na]
at io.camunda.identity.impl.keycloak.initializer.KeycloakPresetInitializer.run(KeycloakPresetInitializer.java:44) ~[classes!/:na]
at org.springframework.boot.SpringApplication.lambda$callRunner$4(SpringApplication.java:770) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.util.function.ThrowingConsumer$1.acceptWithException(ThrowingConsumer.java:83) ~[spring-core-6.0.17.jar!/:6.0.17]
at org.springframework.util.function.ThrowingConsumer.accept(ThrowingConsumer.java:60) ~[spring-core-6.0.17.jar!/:6.0.17]
at org.springframework.util.function.ThrowingConsumer$1.accept(ThrowingConsumer.java:88) ~[spring-core-6.0.17.jar!/:6.0.17]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:782) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:770) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.boot.SpringApplication.lambda$callRunners$3(SpringApplication.java:758) ~[spring-boot-3.1.9.jar!/:3.1.9]
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source) ~[na:na]
at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(Unknown Source) ~[na:na]
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source) ~[na:na]
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source) ~[na:na]
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source) ~[na:na]
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source) ~[na:na]
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source) ~[na:na]
at java.base/java.util.stream.ReferencePipeline.forEach(Unknown Source) ~[na:na]
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:758) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:331) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1317) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1306) ~[spring-boot-3.1.9.jar!/:3.1.9]
at io.camunda.identity.Application.main(Application.java:21) ~[classes!/:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Unknown Source) ~[na:na]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[identity.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:95) ~[identity.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[identity.jar:na]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:65) ~[identity.jar:na]
# Identity ConfigMap as exported from the cluster and pasted into the thread.
# Indentation was lost in the paste, so the nesting of the keys below cannot
# be recovered from this listing alone.
kind: ConfigMap
apiVersion: v1
metadata:
managedFields:
- manager: helm
operation: Update
apiVersion: v1
time: '2024-04-24T16:08:54Z'
fieldsType: FieldsV1
fieldsV1:
'f:data':
.: {}
'f:application.yaml': {}
'f:metadata':
'f:annotations':
.: {}
'f:meta.helm.sh/release-name': {}
'f:meta.helm.sh/release-namespace': {}
'f:labels':
'f:helm.sh/chart': {}
'f:app.kubernetes.io/managed-by': {}
'f:app': {}
'f:app.kubernetes.io/name': {}
.: {}
'f:app.kubernetes.io/part-of': {}
'f:app.kubernetes.io/version': {}
'f:app.kubernetes.io/instance': {}
'f:app.kubernetes.io/component': {}
# NOTE(review): the application.yaml value below holds client secrets in
# clear text (client-secret, the Identity client `secret`, and the preset
# client secrets). A ConfigMap is not a confidential store: anyone who can
# read ConfigMaps in the namespace can read these, so they belong in a Secret.
# The Identity client secret appears three times and was posted publicly; if
# it is a live value, treat it as exposed and rotate it.
# NOTE(review): `type` is CONFIDENTIAL for the Identity client but lowercase
# `confidential` for the preset clients -- confirm which casing Identity
# expects.
# NOTE(review): the console preset uses root-url "http://localhost:8080" with
# redirect URI "/" on a public client, while every other URL here is https --
# confirm this is intended for this environment.
# NOTE(review): logging level is DEBUG; the DEBUG output pasted in this thread
# contains full Authorization bearer headers -- avoid leaving it on.
data:
application.yaml: >
identity:
url: "https://camunda-platform-identity-public/identity"
flags:
multi-tenancy: true
logging:
level: DEBUG
client-id: "camunda-identity"
client-secret: "gI5u3QF2yshLRZjdmaAWcGABIPT4K4So"
authProvider:
issuer-url: "https://camunda-platform-keycloak-public/auth/realms/camunda-platform"
backend-url: "https://camunda-platform-keycloak-public/auth/realms/camunda-platform"
keycloak:
environment:
clients:
- name: Identity
id: "camunda-identity"
type: CONFIDENTIAL
secret: gI5u3QF2yshLRZjdmaAWcGABIPT4K4So
root-url: "https://camunda-platform-identity-public/identity"
redirect-uris:
- "/auth/login-callback"
presets:
tasklist:
clients:
- name: Tasklist
type: confidential
secret: camunda8-tasklist-identity-secret
root-url: "https://camunda-platform-tasklist-public"
redirect-uris:
- "/identity-callback"
operate:
clients:
- name: Operate
type: confidential
secret: camunda8-operate-identity-secret
root-url: "https://camunda-platform-operate-public"
redirect-uris:
- "/identity-callback"
optimize:
clients:
- name: Optimize
type: confidential
secret: camunda8-optimize-identity-secret
root-url: "https://camunda-platform-optimize-public/optimize"
redirect-uris:
- "/api/authentication/callback"
console:
clients:
- name: "Console"
type: public
root-url: "http://localhost:8080"
redirect-uris:
- "/"
server:
port: 8443
servlet:
context-path: "/identity"
spring:
profiles:
active: keycloak
datasource:
url: "jdbc:postgresql://posthost.int.be.xpi.net.intra:5432/bpm"
username: "camundauser"
camunda:
identity:
client-id: "camunda-identity"
client-secret: "gI5u3QF2yshLRZjdmaAWcGABIPT4K4So"
All the variables suggested on the configuration webpage are present, but I am still getting the error.
Learn more about core configuration, component configuration, database configuration, and feature flags.
Thanks
Pavan
@pavan_Kumar - does this thread help with your issue at all? They encountered the same null pointer exception you are.
We have created realm - camunda-platform in keycloak and configured all the required client and secret.
But somehow Identity is failing to connect keycloak, getting below error -
ERROR 1 — [ main] i.c.i.i.k.c.KeycloakConfiguration : HTTP 403 Forbidden
I have used below env configs -
CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET : abcd
CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET : abcd
CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET : abcd
DB_DATABASE_TEST : Keycloak
DB_HOST_TEST : abcd
DB_PASSWORD_TEST : abc…
Hi Nathan,
I have already visited this link and implemented the suggestion mentioned there. After configuring the rootURL and secret pairs, I have been getting this error.
Communication between Keycloak and Identity does not seem to be the problem:
2024-04-25T08:39:51.372Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 >> Host: camunda-platform-keycloak-public
2024-04-25T08:39:51.372Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 >> Connection: Keep-Alive
2024-04-25T08:39:51.372Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.13 (Java/17.0.10)
2024-04-25T08:39:51.372Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 >> "GET /auth/admin/realms/camunda-platform/clients/35d527b3-c3ae-4dbc-8e14-5226b285bcc7/roles HTTP/1.1[\r][\n]"
2024-04-25T08:39:51.372Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 >> "Accept: application/json[\r][\n]"
2024-04-25T08:39:51.372Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 >> "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1ZHpBVEVmeGJDdzdxUmgK6k_6T6pJ_E0ZPGAYsQPnTicKuWrTNpefLdsB00mi1vDeiLJ5YD8GOOsORQmgzJpR0AX28JO_1rWhhh6XMiQ[\r][\n]"
2024-04-25T08:39:51.372Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 >> "Host: camunda-platform-keycloak-public-x0.apps.ckd.int.be.xpi.net.intra[\r][\n]"
2024-04-25T08:39:51.372Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
2024-04-25T08:39:51.372Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.13 (Java/17.0.10)[\r][\n]"
2024-04-25T08:39:51.372Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 >> "[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "HTTP/1.1 200 OK[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "content-length: 827[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "cache-control: no-cache[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "content-type: application/json;charset=UTF-8[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "referrer-policy: no-referrer[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "strict-transport-security: max-age=31536000; includeSubDomains[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "x-content-type-options: nosniff[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "x-frame-options: SAMEORIGIN[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "x-xss-protection: 1; mode=block[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "set-cookie: bc06e8f3631f4ea6ee6410d564cb55eb=a933ab55481a7dc6d861f2dfba8cff48; path=/; HttpOnly; Secure; SameSite=None[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "[\r][\n]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.wire : http-outgoing-0 << "[{"id":"6847337c-f576-4a6a-815a-c5c7353356e7","name":"delete:*","description":"Allows delete access for all resources","composite":false,"clientRole":true,"containerId":"35d527b3-c3ae-4dbc-8e14-5226b285bcc7"},{"id":"fd0e34c4-71c2-4c6f-b492-87c16987d758","name":"update:*","description":"Allows update access to all resources","composite":false,"clientRole":true,"containerId":"35d527b3-c3ae-4dbc-8e14-5226b285bcc7"},{"id":"b8fa9654-5e3b-42d1-83c0-ae531e9d3eef","name":"read:*","description":"Allows read access to all resources","composite":false,"clientRole":true,"containerId":"35d527b3-c3ae-4dbc-8e14-5226b285bcc7"},{"id":"0dbf0665-a475-4f26-b249-2d1ffebea4ae","name":"create:*","description":"Allows create access for all resources","composite":false,"clientRole":true,"containerId":"35d527b3-c3ae-4dbc-8e14-5226b285bcc7"}]"
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 << HTTP/1.1 200 OK
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 << content-length: 827
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 << cache-control: no-cache
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 << content-type: application/json;charset=UTF-8
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 << referrer-policy: no-referrer
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 << strict-transport-security: max-age=31536000; includeSubDomains
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 << x-content-type-options: nosniff
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 << x-frame-options: SAMEORIGIN
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 << x-xss-protection: 1; mode=block
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.apache.http.headers : http-outgoing-0 << set-cookie: bc06e8f3631f4ea6ee6410d564cb55eb=a933ab55481a7dc6d861f2dfba8cff48; path=/; HttpOnly; Secure; SameSite=None
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] o.a.http.impl.execchain.MainClientExec : Connection can be kept alive indefinitely
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.jboss.resteasy.resteasy_jaxrs.i18n : Interceptor Context: org.jboss.resteasy.core.interception.jaxrs.ClientReaderInterceptorContext, Method : proceed
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.jboss.resteasy.resteasy_jaxrs.i18n : MessageBodyReader: org.jboss.resteasy.core.providerfactory.SortedKey
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.jboss.resteasy.resteasy_jaxrs.i18n : MessageBodyReader: io.camunda.identity.security.jackson.CustomResteasyJacksonProvider
2024-04-25T08:39:51.470Z DEBUG 1 --- [ main] org.jboss.resteasy.resteasy_jaxrs.i18n : Provider : io.camunda.identity.security.jackson.CustomResteasyJacksonProvider, Method : readFrom
2024-04-25T08:39:51.472Z DEBUG 1 --- [ main] h.i.c.PoolingHttpClientConnectionManager : Connection [id: 0][route: {s}->https://camunda-platform-keycloak:443] can be kept alive indefinitely
2024-04-25T08:39:51.472Z DEBUG 1 --- [ main] h.i.c.DefaultManagedHttpClientConnection : http-outgoing-0: set socket timeout to 0
2024-04-25T08:39:51.472Z DEBUG 1 --- [ main] h.i.c.PoolingHttpClientConnectionManager : Connection released: [id: 0][route: {s}->https://camunda-platform-keycloak-public:443][total available: 1; route allocated: 1 of 50; total allocated: 1 of 50]
2024-04-25T08:39:51.482Z DEBUG 1 --- [ main] o.s.b.a.ApplicationAvailabilityBean : Application availability state ReadinessState changed to REFUSING_TRAFFIC
2024-04-25T08:39:51.482Z DEBUG 1 --- [ main] ConfigServletWebServerApplicationContext : Closing org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@121f9c52, started on Thu Apr 25 08:39:46 GMT 2024, parent: org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@3ddc6915
2024-04-25T08:39:51.483Z DEBUG 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Stopping beans in phase 2147482623
2024-04-25T08:39:51.484Z DEBUG 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Bean 'webServerGracefulShutdown' completed its stop procedure
2024-04-25T08:39:51.484Z DEBUG 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Stopping beans in phase 2147481599
2024-04-25T08:39:51.494Z DEBUG 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Bean 'webServerStartStop' completed its stop procedure
2024-04-25T08:39:51.514Z ERROR 1 --- [ main] o.s.boot.SpringApplication : Application run failed
java.lang.NullPointerException: Cannot invoke "io.camunda.identity.impl.keycloak.config.record.KeycloakPreset.resourceServers()" because the return value of "java.util.Map.get(Object)" is null
at io.camunda.identity.impl.keycloak.initializer.KeycloakPresetInitializer.lambda$initialiseResourceServers$0(KeycloakPresetInitializer.java:51) ~[classes!/:na]
at java.base/java.util.LinkedHashMap$LinkedKeySet.forEach(Unknown Source) ~[na:na]
at io.camunda.identity.impl.keycloak.initializer.KeycloakPresetInitializer.initialiseResourceServers(KeycloakPresetInitializer.java:50) ~[classes!/:na]
at io.camunda.identity.impl.keycloak.initializer.KeycloakPresetInitializer.run(KeycloakPresetInitializer.java:44) ~[classes!/:na]
at org.springframework.boot.SpringApplication.lambda$callRunner$4(SpringApplication.java:770) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.util.function.ThrowingConsumer$1.acceptWithException(ThrowingConsumer.java:83) ~[spring-core-6.0.17.jar!/:6.0.17]
at org.springframework.util.function.ThrowingConsumer.accept(ThrowingConsumer.java:60) ~[spring-core-6.0.17.jar!/:6.0.17]
at org.springframework.util.function.ThrowingConsumer$1.accept(ThrowingConsumer.java:88) ~[spring-core-6.0.17.jar!/:6.0.17]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:782) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:770) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.boot.SpringApplication.lambda$callRunners$3(SpringApplication.java:758) ~[spring-boot-3.1.9.jar!/:3.1.9]
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source) ~[na:na]
at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(Unknown Source) ~[na:na]
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source) ~[na:na]
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source) ~[na:na]
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source) ~[na:na]
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source) ~[na:na]
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source) ~[na:na]
at java.base/java.util.stream.ReferencePipeline.forEach(Unknown Source) ~[na:na]
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:758) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:331) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1317) ~[spring-boot-3.1.9.jar!/:3.1.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1306) ~[spring-boot-3.1.9.jar!/:3.1.9]
at io.camunda.identity.Application.main(Application.java:21) ~[classes!/:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Unknown Source) ~[na:na]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[identity.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:95) ~[identity.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[identity.jar:na]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:65) ~[identity.jar:na]
2024-04-25T08:39:51.517Z DEBUG 1 --- [ main] o.s.b.a.ApplicationAvailabilityBean : Application availability state ReadinessState changed from REFUSING_TRAFFIC to REFUSING_TRAFFIC
2024-04-25T08:39:51.517Z DEBUG 1 --- [ main] ConfigServletWebServerApplicationContext : Closing org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@3ddc6915, started on Thu Apr 25 08:39:36 GMT 2024
2024-04-25T08:39:51.518Z DEBUG 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Stopping beans in phase 2147482623
2024-04-25T08:39:51.518Z DEBUG 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Bean 'webServerGracefulShutdown' completed its stop procedure
2024-04-25T08:39:51.518Z DEBUG 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Stopping beans in phase 2147481599
2024-04-25T08:39:51.532Z DEBUG 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Bean 'webServerStartStop' completed its stop procedure
2024-04-25T08:39:51.532Z DEBUG 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Stopping beans in phase -2147483647
2024-04-25T08:39:51.533Z DEBUG 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Bean 'springBootLoggingLifecycle' completed its stop procedure
2024-04-25T08:39:51.534Z DEBUG 1 --- [ main] h.i.c.PoolingHttpClientConnectionManager : Connection manager is shutting down
2024-04-25T08:39:51.534Z DEBUG 1 --- [ main] h.i.c.DefaultManagedHttpClientConnection : http-outgoing-0: Close connection
2024-04-25T08:39:51.535Z DEBUG 1 --- [ main] h.i.c.PoolingHttpClientConnectionManager : Connection manager shut down
2024-04-25T08:39:51.537Z DEBUG 1 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Shutting down ExecutorService 'applicationTaskExecutor'
2024-04-25T08:39:51.539Z INFO 1 --- [ main] j.LocalContainerEntityManagerFactoryBean : Closing JPA EntityManagerFactory for persistence unit 'default'
2024-04-25T08:39:51.539Z DEBUG 1 --- [ main] o.hibernate.internal.SessionFactoryImpl : HHH000031: Closing
2024-04-25T08:39:51.540Z DEBUG 1 --- [ main] o.h.type.spi.TypeConfiguration$Scope : Un-scoping TypeConfiguration [org.hibernate.type.spi.TypeConfiguration$Scope@29dcad7e] from SessionFactory [org.hibernate.internal.SessionFactoryImpl@11c88cca]
If possible, I would like to check this class and see what exactly it is looking for and what is missing.
‘io.camunda.identity.impl.keycloak.config.record.KeycloakPreset’
@pavan_Kumar - as mentioned earlier, it’s closed source and I cannot share the source code. If you have an enterprise license, I would recommend opening a support ticket for this. If you could share your full Helm values.yaml file (with secrets and private information redacted), that will help too.
After commenting out the presets in the Identity ConfigMap it started working; I am not sure what the problem is here.
{{- if .Values.identity.enabled }}
# Helm template for the Identity ConfigMap, as posted in the thread with the
# keycloak presets and the camunda.identity section commented out (the
# workaround the poster reports). Indentation was lost in the paste.
#
# NOTE(review): Helm evaluates template actions inside YAML `#` comments, so
# the commented-out lines below still render the tasklist/operate/optimize
# existingSecret values and the Identity client secret into the ConfigMap
# text. Delete those lines or wrap them in a Go-template comment block rather
# than prefixing them with `#`.
#
# NOTE(review): client-secret and the keycloak client `secret` are written in
# clear text into a ConfigMap, which is not a confidential store. The
# existingSecret value is passed through tpl and emitted unquoted as the
# secret itself -- presumably the literal secret is expected here; confirm,
# quote it, and prefer supplying it from a Kubernetes Secret through an
# environment placeholder such as the IDENTITY_AUDIENCE one used below.
#
# NOTE(review): logging level is fixed at DEBUG in this copy. The DEBUG-level
# output pasted in this thread includes org.apache.http.wire lines with the
# full Authorization bearer header and Set-Cookie values; keep it off outside
# short troubleshooting windows and scrub tokens before sharing logs.
#
# NOTE(review): with the presets commented out, the Tasklist, Operate and
# Optimize clients are no longer declared in this file; presumably they must
# already exist in Keycloak -- verify login for those components.
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "identity.fullname" . }}-configuration
labels: {{- include "identity.labels" . | nindent 4 }}
annotations: {{- toYaml .Values.global.annotations | nindent 4 }}
data:
{{- if .Values.identity.configuration }}
application.yaml: |
{{ .Values.identity.configuration | indent 4 | trim }}
{{- else }}
application.yaml: |
identity:
url: {{ include "camundaPlatform.identityURL" . | quote }}
{{- if or .Values.identityPostgresql.enabled .Values.identity.externalDatabase.enabled }}
flags:
multi-tenancy: true
{{- end }}
logging:
level: DEBUG
{{- if (tpl ( include "identity.authClientSecret" . ) .)}}
client-id: {{ include "identity.authClientId" . | default "camunda-identity" | quote }}
client-secret: {{ include "identity.authClientSecret" . | quote }}
{{- end }}
authProvider:
{{- if ne .Values.global.identity.auth.type "KEYCLOAK" }}
type: {{ include "camundaPlatform.authType" . | quote }}
{{- end }}
issuer-url: {{ include "camundaPlatform.authIssuerUrl" . | quote }}
backend-url: {{ include "identity.issuerBackendUrl" . | quote }}
{{- if ne .Values.global.identity.auth.type "KEYCLOAK" }}
component-presets:
identity:
apis:
- name: "Camunda Identity Resource Server"
audience: ${IDENTITY_AUDIENCE:camunda-identity-resource-server}
permissions:
- definition: read
description: "Read permission"
- definition: "read:users"
description: "Read users permission"
- definition: write
description: "Write permission"
roles:
- name: "Identity"
description: "Provides full access to Identity"
permissions:
- audience: ${IDENTITY_AUDIENCE:camunda-identity-resource-server}
definition: read
- audience: ${IDENTITY_AUDIENCE:camunda-identity-resource-server}
definition: write
operate:
apis:
- name: Operate API
audience: {{ include "operate.authAudience" . | default "operate-api" | quote }}
permissions:
- definition: read:*
description: "Read permission"
- definition: write:*
description: "Write permission"
roles:
- name: "Operate"
description: "Grants full access to Operate"
permissions:
- audience: {{ include "operate.authAudience" . | default "operate-api" | quote }}
definition: read:*
- audience: {{ include "operate.authAudience" . | default "operate-api" | quote }}
definition: write:*
tasklist:
apis:
- name: Tasklist API
audience: {{ include "tasklist.authAudience" . | default "tasklist-api" | quote }}
permissions:
- definition: read:*
description: "Read permission"
- definition: write:*
description: "Write permission"
roles:
- name: "Tasklist"
description: "Grants full access to Tasklist"
permissions:
- audience: {{ include "tasklist.authAudience" . | default "tasklist-api" | quote }}
definition: read:*
- audience: {{ include "tasklist.authAudience" . | default "tasklist-api" | quote }}
definition: write:*
zeebe:
apis:
- name: Zeebe API
audience: {{ .Values.global.identity.auth.zeebe.audience | default "zeebe-api" | quote }}
permissions:
- definition: write:*
description: "Write permission"
roles:
- name: "Zeebe"
description: "Grants full access to the Zeebe API"
permissions:
- audience: {{ .Values.global.identity.auth.zeebe.audience | default "zeebe-api" | quote }}
definition: write:*
optimize:
apis:
- name: Optimize API
audience: {{ include "optimize.authAudience" . | default "optimize-api" | quote }}
permissions:
- definition: write:*
description: "Write permission"
roles:
- name: "Optimize"
description: "Grants full access to Optimize"
permissions:
- audience: {{ include "optimize.authAudience" . | default "optimize-api" | quote }}
definition: write:*
- audience: {{ include "identity.authAudience" . | default "camunda-identity" | quote }}
definition: read:users
webmodeler:
apis:
- name: Web Modeler Internal API
audience: {{ .Values.global.identity.auth.webModeler.clientApiAudience | default "web-modeler-api" | quote }}
permissions:
- definition: write:*
description: "Write permission"
- name: Web Modeler API
audience: {{ .Values.global.identity.auth.webModeler.publicApiAudience | default "web-modeler-public-api" | quote }}
permissions:
- definition: create:*
description: "Allows create access for all resources"
- definition: read:*
description: "Allows read access to all resources"
- definition: update:*
description: "Allows update access to all resources"
- definition: delete:*
description: "Allows delete access for all resources"
roles:
- name: "Web Modeler"
description: "Grants full access to Web Modeler"
permissions:
- audience: {{ .Values.global.identity.auth.webModeler.clientApiAudience | default "web-modeler-api" | quote }}
definition: write:*
- audience: {{ include "identity.authAudience" . | default "camunda-identity-resource-server" | quote }}
definition: read:users
console:
apis:
- name: Console API
audience: {{ .Values.global.identity.auth.console.audience | default "console-api" | quote }}
permissions:
- definition: write:*
description: "Write permission"
roles:
- name: "Console"
description: "Grants full access to Console"
permissions:
- audience: {{ .Values.global.identity.auth.console.audience | default "console-api" | quote }}
definition: write:*
{{- end }}
{{- if .Values.global.identity.auth.enabled }}
{{- if eq .Values.global.identity.auth.type "KEYCLOAK"}}
keycloak:
environment:
clients:
- name: Identity
{{- if (tpl ( include "identity.authClientSecret" . ) .)}}
id: {{ printf "%s" (include "identity.authClientId" .) | default "camunda-identity" | quote }}
{{- else }}
id: "camunda-identity"
{{- end }}
type: confidential
secret: {{ tpl .Values.global.identity.auth.identity.existingSecret $ }}
root-url: {{ tpl .Values.global.identity.auth.identity.redirectUrl $ | quote }}
redirect-uris:
- "/auth/login-callback"
#presets:
# tasklist:
# clients:
# - name: Tasklist
# type: confidential
# secret: {{ tpl .Values.global.identity.auth.tasklist.existingSecret $ }}
# root-url: {{ tpl .Values.global.identity.auth.tasklist.redirectUrl $ | quote }}
# redirect-uris:
# - "/identity-callback"
# operate:
# clients:
# - name: Operate
# type: confidential
# secret: {{ tpl .Values.global.identity.auth.operate.existingSecret $ }}
# root-url: {{ tpl .Values.global.identity.auth.operate.redirectUrl $ | quote }}
# redirect-uris:
# - "/identity-callback"
# optimize:
# clients:
# - name: Optimize
# type: confidential
# secret: {{ tpl .Values.global.identity.auth.optimize.existingSecret $ }}
# root-url: {{ tpl .Values.global.identity.auth.optimize.redirectUrl $ | quote }}
# redirect-uris:
# - "/api/authentication/callback"
# #console:
# # clients:
# # - name: "Console"
# # type: confidential
# # root-url: {{ tpl .Values.global.identity.auth.console.redirectUrl $ | quote }}
# # redirect-uris:
# # - "/"
{{- end }}
{{- end }}
server:
port: 8443
{{- if .Values.identity.contextPath }}
servlet:
context-path: {{ .Values.identity.contextPath | quote }}
{{- end }}
spring:
{{- if .Values.global.identity.auth.enabled }}
profiles:
active: {{ eq .Values.global.identity.auth.type "KEYCLOAK" | ternary "keycloak" "oidc" }}
{{- end }}
{{- if or .Values.identityPostgresql.enabled .Values.identity.externalDatabase.enabled }}
datasource:
url: {{ printf "jdbc:postgresql://%s:%s/%s" (include "identity.postgresql.host" .) (include "identity.postgresql.port" .) (include "identity.postgresql.database" .) | quote }}
username: {{ include "identity.postgresql.username" . | quote }}
{{- end }}
#camunda:
# identity:
# {{- if (tpl ( include "identity.authClientSecret" . ) .)}}
# client-id: {{ include "identity.authClientId" . | default "camunda-identity" | quote }}
# client-secret: {{ include "identity.authClientSecret" . | quote }}
# {{- end }}
# {{- if ne .Values.global.identity.auth.type "KEYCLOAK" }}
# baseUrl: {{ include "identity.internalUrl" . | quote }}
# issuer: {{ include "camundaPlatform.authIssuerUrl" . | quote }}
# issuerBackendUrl: {{ include "camundaPlatform.authIssuerBackendUrl" . | quote }}
# {{- end }}
{{- end }}
{{- range $key, $val := .Values.identity.extraConfiguration }}
{{ $key }}: |
{{ $val | indent 4 | trim }}
{{- end }}
{{- end }}
@pavan_Kumar - without having your full Helm values.yaml file, there’s nothing else I can offer unfortunately.
I think I’ll go back to camunda 8.4… camunda 8.5.0 came with several problems, identity is having connection problems with keycloak, webhook connector does not show a response, Rest API gives constant errors of “the provided claims are invalid” even though it has all permissions