Camunda Webapp login fails for HTTPS connection

Hi There,

We have deployed the Camunda webapp in OpenShift. We have enabled LDAP in Camunda for login authorization. Earlier we were using an HTTP route to our webapp and everything was working fine. We wanted to make our connection secure, so recently we created a new secure route on OpenShift. But after changing it to HTTPS we started getting the login error below:

Login Failed: Cannot create a session after the response has been committed

Please find the log trace below:

2020-04-28 08:03:58.570 ERROR 8 --- [nio-9085-exec-7] o.a.c.c.C.[.[localhost].[/].[Admin Api]  : Servlet.service() for servlet [Admin Api] in context with path [] threw exception

java.lang.IllegalStateException: Cannot create a session after the response has been committed
	at org.apache.catalina.connector.Request.doGetSession(Request.java:2993) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
	at org.apache.catalina.connector.Request.getSession(Request.java:2432) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
	at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:908) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
	at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:920) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]

We tried analysing it from our end, but with no success. I would like to post some of our findings here, but I am not sure whether they are related or not.
We noticed a weird difference between the HTTP and HTTPS calls when invoking the login page (before even entering credentials).

The image below shows the network calls made when the page was invoked over HTTPS:
You can see here that a new call for “camunda-welcome” gets initiated (marked in red), which was not the case when invoking through HTTP.

When invoking through HTTP, this camunda-welcome call never gets initiated.

We use the version of Camunda below:

<parent>
    <groupId>org.camunda.bpm.springboot.project</groupId>
    <artifactId>camunda-bpm-spring-boot-starter-root</artifactId>
    <version>3.4.0</version>
</parent>

Do we need to add any config to enable HTTPS authentication in Camunda? Are we missing something? Any type of help will be appreciated. Thanks in advance.

Bella Ciao!

Hi @Biswajeet,

I’m curious, did you happen to make any changes in addition to the HTTPS route? Perhaps to the web server config?

Per the documentation, I would expect the HTTPS route in OpenShift to behave more like a reverse proxy which would require little to no config on the web server side. I’m surprised it didn’t “just work”.

Hi @jgigliotti,

No, we haven’t made any additional changes other than just creating the HTTPS route.

Hi @jgigliotti @Biswajeet, I am stuck at the same issue too. We are also on OpenShift. We too face the same issue of “Cannot create a session after the response has been committed”.

Initially posted issue:

So, I migrated from 7.11.0 to 7.13.0, but even that did not give any luck, since after the migration my tasklist/cockpit page gives a 403 error. I have posted the issues over here,
Is it possible to collate the observations across these 2 issues and tell us what is going wrong?

@aravindhrs / @Niall, the main reason why we migrated from 7.11 to 7.13 was to check whether the new versions came with a fix for the above issue that @Biswajeet and I were facing.

@Biswajeet @kamalakannanvkp, were you able to resolve this issue? I am facing a similar issue when I run Spring Boot on HTTPS.

Yes, we managed to solve it. Does it work on HTTP before running on HTTPS?


Hi @kamalakannanvkp, I was able to resolve this issue.

Could you please write down the steps you followed to resolve it, for the benefit of others?


Hi,

My setup is a little different from yours. I followed the simple steps listed in this article to enable HTTPS mode.

I log in to Camunda using SSO with JWT. Below is a code snippet of my HTTP security configurer adapter:

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // CSRF token kept in a cookie the browser front end can read (XSRF-TOKEN)
    httpSecurity.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    // No form login or logout: the JWT filter authenticates every request
    httpSecurity.logout().disable().formLogin().disable()
        .addFilterAfter(new JwtTokenAuthenticationFilter(config), UsernamePasswordAuthenticationFilter.class)
        .authorizeRequests()
        .anyRequest().authenticated();
}
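As an added example (editor's illustration, not code from the thread, from Camunda or from the poster's project), here is one way the configurer adapter above and the `JwtTokenAuthenticationFilter` it references could be written out in full. Everything not shown in the post is an assumption: the package name, the `app.jwt.hmac-secret` property, an HS256 shared secret, the `sub` and `exp` claims, and mapping every authenticated user to `ROLE_USER`. It targets Spring Boot 2.x / Spring Security 5 (the `WebSecurityConfigurerAdapter` era the thread's Camunda 7.13 starter belongs to) and the `javax.servlet` API.

```java
// Added example, not code from the thread. Package, property name, secret format and
// claim layout are assumptions made for the illustration.
package example.camunda.security;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${app.jwt.hmac-secret}") // hypothetical property holding the HS256 shared secret
    private String jwtSecret;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Same shape as the configurer posted in the thread, with the filter wired in
        http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        http.logout().disable().formLogin().disable()
            .addFilterAfter(new JwtTokenAuthenticationFilter(jwtSecret.getBytes(StandardCharsets.UTF_8)),
                            UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests().anyRequest().authenticated();
    }

    /** Authenticates requests that carry a valid "Authorization: Bearer <HS256 JWT>" header. */
    public static class JwtTokenAuthenticationFilter extends OncePerRequestFilter {
        private static final ObjectMapper MAPPER = new ObjectMapper();
        private final byte[] hmacKey;

        public JwtTokenAuthenticationFilter(byte[] hmacKey) { this.hmacKey = hmacKey; }

        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
                throws ServletException, IOException {
            String header = req.getHeader("Authorization");
            if (header != null && header.startsWith("Bearer ")) {
                String subject = verifiedSubject(header.substring(7), hmacKey, Instant.now().getEpochSecond());
                if (subject != null) {
                    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                        subject, null, Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))));
                }
            }
            // Deliberately never writes to the response: once a response is committed, nothing later
            // in the request can create a session (the IllegalStateException quoted in the thread).
            chain.doFilter(req, res);
        }

        /** Returns the "sub" claim if the token is well-formed, HS256-signed with key and unexpired; else null. */
        static String verifiedSubject(String token, byte[] key, long nowEpochSeconds) {
            String[] parts = token.split("\\.");
            if (parts.length != 3) return null;
            try {
                Base64.Decoder dec = Base64.getUrlDecoder();
                Map<?, ?> hdr = MAPPER.readValue(dec.decode(parts[0]), Map.class);
                // Pin the algorithm: "none" and asymmetric headers are rejected before any crypto runs
                if (!"HS256".equals(hdr.get("alg"))) return null;
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(key, "HmacSHA256"));
                byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
                if (!MessageDigest.isEqual(expected, dec.decode(parts[2]))) return null; // constant-time compare
                Map<?, ?> claims = MAPPER.readValue(dec.decode(parts[1]), Map.class);
                Object exp = claims.get("exp");
                if (!(exp instanceof Number) || ((Number) exp).longValue() <= nowEpochSeconds) return null;
                Object sub = claims.get("sub");
                return sub instanceof String ? (String) sub : null;
            } catch (Exception e) { // malformed Base64 or JSON, bad key: treat as unauthenticated
                return null;
            }
        }
    }
}
```

`verifiedSubject` takes the current time as a parameter so a unit test can feed it a fixed clock and a token signed with a known key, and check that an expired token, a tampered payload, or an `alg: none` header all come back as `null`. The filter itself only populates the `SecurityContext` and hands off to the chain; whether the request then needs a session is left to Spring Security and Camunda, which is the part the thread was debugging.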