Camunda Webapp login fails for HTTPS connection

Hi There,

We have deployed Camunda webapp in openshift. We have enabled LDAP for camunda for login authorization. Earlier we were using HTTP route to our webapp and everything was working fine. We wanted to make our connection secure so recently we have created a new secure route on openshift. But After changing it to HTTPS we started getting below login error:

Login Failed: Cannot create a session after the response has been committed

Please find the log trace below:

2020-04-28 08:03:58.570 ERROR 8 --- [nio-9085-exec-7] o.a.c.c.C.[.[localhost].[/].[Admin Api]  : Servlet.service() for servlet [Admin Api] in context with path [] threw exception

java.lang.IllegalStateException: Cannot create a session after the response has been committed
	at org.apache.catalina.connector.Request.doGetSession( ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
	at org.apache.catalina.connector.Request.getSession( ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
	at org.apache.catalina.connector.RequestFacade.getSession( ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
	at org.apache.catalina.connector.RequestFacade.getSession( ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]

We tried analysing it from our end but with no success. I would like to post some of our findings here but not sure whether those are related or not.
We noticed an weird differnce between HTTP and HTTPS call when invoking login page(Before even entering credentials)

Below image is of network calls made when HTTPS call was made:
You could see here that a new call for “camunda-welcome” gets initiated(Marked in Red) which was not the case when invoking through HTTP.

When invoking through HTTP, this camunda-welcome call never gets initiated.

We use below version of camunda:


Do we need to add any config to enable HTTPS authentication in camund. Are we missing some thing. Any type of help will appreciated. Thanks in advance.

Bella Ciao!

Hi @Biswajeet,

I’m curious, did you happen to make any changes in addition to the HTTPS route? Perhaps to the web server config?

Per the documentation, I would expect the HTTPS route in OpenShift to behave more like a reverse proxy which would require little to no config on the web server side. I’m surprised it didn’t “just work”.

Hi @jgigliotti,

No we haven’t made any additional changes other than just creating HTTPS route

Hi @jgigliotti @Biswajeet , i am too stuck at the same issue . we are also on openshift . We too face the same issue of , “Cannot create a session after the response has been committed

Initially posted issue :

So , we I migrated from 7.11.0 to 7.13.0 ., but even that doesnot give any luck . Since after migration , my tasklist/cockpit page gives 403 error . I have posted the issues over here ,
is it possible to collate the observations across these 2 issues and provide us whats going wrong ?

@aravindhrs / @Niall the main reason why we migrated from 7.11 to 7.13 to check if the new versions were provided with fix for the above isse what @Biswajeet and myself were facing.

@Biswajeet @kamalakannanvkp were you able to resolve this issue. I am facing a similar issue when I run springboot in https .?

Yes, we managed to solve it , does it work in http before running on https ?

1 Like

Hi, @kamalakannanvkp I was able to reslove this issue.

Please put down the steps followed to resolve for the benefit of the others ?

1 Like


My setup is a little different than yours. I followed the simple steps listed in this article to enable HTTPS mode.

I log in to Camunda using SSO using JWT. Below is a code snippet HTTP security configure adapter

	protected void configure(HttpSecurity httpSecurity) throws Exception {
				.addFilterAfter(new JwtTokenAuthenticationFilter(config), UsernamePasswordAuthenticationFilter.class)