Camunda Identity redirects to localhost:8080

floricdev · June 14, 2023, 9:24am

Hey

we’ve successfully deployed the complete Camunda Platform via Helm, including Identity. Unfortunately the Ingress for Camunda Identity isn’t usable as the redirect back to Identity after the login via Keycloak always leads to localhost:8080, instead of the provided ingress.

All other components (Tasklist, Operate, Optimize) have a value to configure the redirect uri (“redirectUrl” in Helm and CAMUNDA_TASKLIST_IDENTITY_REDIRECT_ROOT_URL/CAMUNDA_OPERATE_IDENTITY_REDIRECT_ROOT_URL/CAMUNDA_OPTIMIZE_IDENTITY_REDIRECT_ROOT_URL in the services as an env variable).

Based on the Helm chart, Identity seems to be missing this variable to configure the redirect correctly. Am I right? We would need a similar variable in Helm or be able to provide the env variable manually for now.

The error is present in the 8.2 branch as well as on version 8.3.0-alpha2.

Kind regards, Florian

floricdev · June 21, 2023, 6:28am

Ping

This is currently a blocker to finish a clean deployment including Camunda Identity.

martin_schaefer · June 21, 2023, 6:17pm

I had exactly the same problem today but could solve it: Identity needs to know its own public URL to pass it as return link to Keycloak. A closer look at the helm chart for identity reveals that you can set the env variable IDENTITY_URL with the chart value identity.fullURL. Here an example how I did it with identity:

identity:
  fullURL: https://camunda.domain.org/identity
  contextPath: /identity
  ingress:
    enabled: true
    host: camunda.domain.org
    path: /identity
    annotations: {}
    tls:
      enabled: true
      secretName: my-tls-secret

I hope this helps.

floricdev · June 22, 2023, 6:24am

Thanks a lot. This solved it indeed!

system · June 29, 2023, 6:24am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.