Camunda Web applications Security

I am using an embedded Camunda engine with Sprinb Boot Application. I have enabled custom OAuth2 security to secure Camunda REST APIs and those are working fine. REST APIs as per expectation works with a valid JWT token (Bearer Token).

After securing the REST API all web applications of Camunda got locked. To exclude those UI paths I added the following paths to my application.yml

          - pattern: '/camunda/**'
          - pattern: '/camunda-welcome/**'
          - pattern: '**'
            http-method: OPTIONS

And now I am reaching the login page. But I am not able to see the Tasklist or Cockpit after providing the current login and passwords.

After providing the correct Admin username and password, it comes back to the login page itself.
Am I missing something in the configuration?

Can you describe your setup?
Camunda version, Database etc.
Also are you running Camunda in a clustered settup?

Setup description:

Spring-Boot: (v2.2.11.RELEASE)
Camunda BPM: (v7.13.0)
Camunda BPM Spring Boot Starter: (v7.13.0)
Database: MySQL

→ are you running Camunda in a clustered setup?

We use fedrated user and all APIs are secured for authentication and need a Bearer token. After enabling the custom Authentication, all the Camuda REST APIs got secured (as per expectation), but Camunda web applications were also locked.

I have added the pattern to camunda urls in application.yml so that Authentication will be ignored there.

After that I am able to reach to the login page. But after providing the admin user/password it does not show the Tasklist or Cockpit, rather it jumps back to the login form.

If I provide the wrong username/password then I can see the login Failed message on the UI. But in the case of the correct username/password I do not see that message.