Camunda docker login using curl

Hasan_Alnatour · June 5, 2022, 11:13am

am trying to follow the documentation and installed the environment using docker-compose , following this link “https://camunda.com/blog/2022/05/getting-started-with-camunda-platform-8s-graphql-api/#Running-Your-First-Query” to use GraphQl

curl -v -XPOST 'http://localhost:8081/api/login?username=demo&password=demo'

Response


*   Trying ::1:8081...
* Connected to localhost (::1) port 8081 (#0)
> POST /api/login?username=demo&password=demo HTTP/1.1
> Host: localhost:8081
> User-Agent: curl/7.71.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Location: http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/auth?client_id=operate&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fidentity-callback&response_type=code&scope=openid+email&state=
< Content-Language: en
< Content-Length: 0
< Date: Sun, 05 Jun 2022 11:12:17 GMT
<
* Connection #0 to host localhost left intact

jonathan.lukas · June 5, 2022, 12:45pm

Hey @Hafflgav ,

maybe you can clarify where the authentication information comes from.

Jonathan

Hasan_Alnatour · June 6, 2022, 8:41am

i looked at the curl response and it basically redirected the request keycloak , but i used the same docker-compose file from the link above, is there something i need to do to as configuration to enable this login api

Hafflgav · June 10, 2022, 6:10am

Hey @Hasan_Alnatour!
I have recently heard of that issue
It seems that after I have published the blogpost the docker compose has changed. Since Identity and Keycloak has been added the curl command does not work anymore. I will try to find a solution and keep you posted.

Thanks @jonathan.lukas for pointing me towards this post.
-Thomas

Hafflgav · June 10, 2022, 6:51am

Okay! - Long story short:
If you delete all Identity and Keycloak related lines in the docker-compose file it still works for me.

The token authentication for Tasklist is not yet available on self-managed but should be available in the next release.

My updated docker-compose without identity and keycloak:
services:

  zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
    image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION:-8.0.2}
    container_name: zeebe
    ports:
      - "26500:26500"
      - "9600:9600"
    environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
      # allow running with low disk space
      - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
      - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
      - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
    restart: always
    volumes:
      - zeebe:/usr/local/zeebe/data
    networks:
      - camunda-platform
    depends_on:
      - elasticsearch

  operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
    image: camunda/operate:${CAMUNDA_PLATFORM_VERSION:-8.0.2}
    container_name: operate
    ports:
      - "8080:8080"
    environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
      - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
      - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
      - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
      # For more information regarding configuration with Identity see:
      # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity
      - SPRING_PROFILES_ACTIVE=identity-auth
    networks:
      - camunda-platform
    depends_on:
      - zeebe
      - elasticsearch

  tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
    image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION:-8.0.2}
    container_name: tasklist
    ports:
      - "8081:8080"
    environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
      - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
      - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
      - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
      # For more information regarding configuration with Identity see:
      # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity
    networks:
      - camunda-platform
    depends_on:
      - zeebe
      - elasticsearch

  optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize
    image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION:-3.8.2}
    container_name: optimize
    ports:
      - "8083:8090"
    environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables
      - OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
      - OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
      - SPRING_PROFILES_ACTIVE=ccsm
      - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true
      - CAMUNDA_OPTIMIZE_ENTERPRISE=false
      - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false
      - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true
    restart: on-failure
    networks:
      - camunda-platform
    depends_on:
      - elasticsearch

  elasticsearch: # https://hub.docker.com/_/elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION:-7.17.0}
    container_name: elasticsearch
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      - bootstrap.memory_lock=true
      - discovery.type=single-node
      # allow running with low disk space
      - cluster.routing.allocation.disk.threshold_enabled=false
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    restart: always
    healthcheck:
      test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ]
      interval: 30s
      timeout: 5s
      retries: 3
    volumes:
      - elastic:/usr/share/elasticsearch/data
    networks:
      - camunda-platform

volumes:
  zeebe:
  elastic:

networks:
  # Note there are two bridge networks: One for Camunda Platform and one for Identity.
  # Operate, Tasklist, and Optimize use both
  camunda-platform:

Let me know if this works for you!
Best,
Thomas

Hasan_Alnatour · June 12, 2022, 12:31pm

i had to remove this line for it to work , but now its working thank you

Hafflgav · June 12, 2022, 12:35pm

Awesome! So glad to hear this

Hasan_Alnatour · June 12, 2022, 12:52pm

@Hafflgav thank you , i would love to see an article about how to use it with keycloak in the feature

victorhugof · June 15, 2022, 2:54pm

Hey Folks. Were you able to request TaskList Rest queries with keycloak disabled? Basic Auth?

victorhugof · June 15, 2022, 3:31pm

It looks we just need to use the TASKLIST-SESSION token as the bearer value. Thanks