am trying to follow the documentation and installed the environment using docker-compose , following this link “https://camunda.com/blog/2022/05/getting-started-with-camunda-platform-8s-graphql-api/#Running-Your-First-Query” to use GraphQl
curl -v -XPOST 'http://localhost:8081/api/login?username=demo&password=demo'
Response
* Trying ::1:8081...
* Connected to localhost (::1) port 8081 (#0)
> POST /api/login?username=demo&password=demo HTTP/1.1
> Host: localhost:8081
> User-Agent: curl/7.71.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Location: http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/auth?client_id=operate&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fidentity-callback&response_type=code&scope=openid+email&state=
< Content-Language: en
< Content-Length: 0
< Date: Sun, 05 Jun 2022 11:12:17 GMT
<
* Connection #0 to host localhost left intact
1 Like
Hey @Hafflgav ,
maybe you can clarify where the authentication information comes from.
Jonathan
i looked at the curl response and it basically redirected the request keycloak , but i used the same docker-compose file from the link above, is there something i need to do to as configuration to enable this login api
Hey @Hasan_Alnatour!
I have recently heard of that issue 
It seems that after I have published the blogpost the docker compose has changed. Since Identity and Keycloak has been added the curl command does not work anymore. I will try to find a solution and keep you posted.
Thanks @jonathan.lukas for pointing me towards this post. 
-Thomas
Okay! - Long story short:
If you delete all Identity and Keycloak related lines in the docker-compose file it still works for me.
The token authentication for Tasklist is not yet available on self-managed but should be available in the next release.
My updated docker-compose without identity and keycloak:
services:
zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION:-8.0.2}
container_name: zeebe
ports:
- "26500:26500"
- "9600:9600"
environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
- ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
- ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
- ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
# allow running with low disk space
- ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
- ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
- "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
restart: always
volumes:
- zeebe:/usr/local/zeebe/data
networks:
- camunda-platform
depends_on:
- elasticsearch
operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
image: camunda/operate:${CAMUNDA_PLATFORM_VERSION:-8.0.2}
container_name: operate
ports:
- "8080:8080"
environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
- CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
- CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
- CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
# For more information regarding configuration with Identity see:
# https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity
- SPRING_PROFILES_ACTIVE=identity-auth
networks:
- camunda-platform
depends_on:
- zeebe
- elasticsearch
tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION:-8.0.2}
container_name: tasklist
ports:
- "8081:8080"
environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
- CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
- CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
- CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
# For more information regarding configuration with Identity see:
# https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity
networks:
- camunda-platform
depends_on:
- zeebe
- elasticsearch
optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize
image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION:-3.8.2}
container_name: optimize
ports:
- "8083:8090"
environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables
- OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
- OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
- SPRING_PROFILES_ACTIVE=ccsm
- CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true
- CAMUNDA_OPTIMIZE_ENTERPRISE=false
- CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false
- CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true
restart: on-failure
networks:
- camunda-platform
depends_on:
- elasticsearch
elasticsearch: # https://hub.docker.com/_/elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION:-7.17.0}
container_name: elasticsearch
ports:
- "9200:9200"
- "9300:9300"
environment:
- bootstrap.memory_lock=true
- discovery.type=single-node
# allow running with low disk space
- cluster.routing.allocation.disk.threshold_enabled=false
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
restart: always
healthcheck:
test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ]
interval: 30s
timeout: 5s
retries: 3
volumes:
- elastic:/usr/share/elasticsearch/data
networks:
- camunda-platform
volumes:
zeebe:
elastic:
networks:
# Note there are two bridge networks: One for Camunda Platform and one for Identity.
# Operate, Tasklist, and Optimize use both
camunda-platform:
Let me know if this works for you!
Best,
Thomas
i had to remove this line for it to work , but now its working thank you
1 Like
Awesome! So glad to hear this
@Hafflgav thank you , i would love to see an article about how to use it with keycloak in the feature
1 Like
Hey Folks. Were you able to request TaskList Rest queries with keycloak disabled? Basic Auth?
It looks we just need to use the TASKLIST-SESSION token as the bearer value. Thanks
