Cannot authenticate to Tasklist

Camunda 8 Topics
1

Hi,
I am using Camunda 8.7 docker compose on Docker Desktop 4.41.2 in Windows 11. I let everything in .env or the yaml in default and executed docker compose up -d.

My Maven dependencies are:

    <dependency>
      <groupId>io.camunda</groupId>
      <artifactId>zeebe-client-java</artifactId>
      <version>8.7.4</version>
    </dependency>
    <dependency>
      <groupId>io.camunda</groupId>
      <artifactId>camunda-tasklist-client-java</artifactId>
      <version>8.7.1</version>
    </dependency>
    <dependency>
      <groupId>io.camunda</groupId>
      <artifactId>identity-sdk</artifactId>
      <version>8.5.17</version>
    </dependency>

The Modeler works and I could deploy a process with one service task. My job worker written in a Java21/Maven project works and executes.

As a next step, I wanted to work with a tasklist client but I could not get it authorize. I tried several ways, including:

or

        SimpleCredential credentials =
                new SimpleCredential("demo", "demo", URI.create("http://localhost:8082").toURL(),
                Duration.ofMinutes(10));
        SimpleAuthentication authentication = new SimpleAuthentication(credentials);
        CamundaTasklistClientConfiguration configuration =
                new CamundaTasklistClientConfiguration(
                        authentication,
                        tasklistUrl,
                        zeebeClient,
                        new CamundaTasklistClientConfiguration.DefaultProperties(true, false, true));
        tasklistClient = new CamundaTaskListClient(configuration);

I use those parameter:

        String identityUrl = "http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token";
        String clientId = "tasklist";
        String clientSecret = "XALaRPl5qwTEItdwCMiPS62nVpKs7dL7";
        String audience = "tasklist-api";
        URL tasklistUrl = URI.create("http://localhost:8082").toURL();

which I have taken from the yaml file. The clientId, clientSecret and audience can I also find, when i login to keycloak and check the configuration of the clients of realm camunda-platform.

I also tried it via Postman, but the credentials are rejected:

image
image1480×567 44.3 KB

These are the values of the default .env file:

      - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084
      - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
      - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
      - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist
      - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
      - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api

The localhost DNS configuration also works and I can reach:
http://keycloak:18080/auth/realms/camunda-platform