Cannot disable engine's authorization

Hello guys.

I just successfully implemented SSO in Camunda with Azure AD. I followed this repository and it seems like it works correctly.

BUT, as I’m trying to access one of the webapps, I see that Camunda still tries to authorize me and I cannot do basic stuff like “run process instance from tasklist”; instead I see a 403 Forbidden response.

Things I already tried:

  • I implemented a custom Identity Provider following this approach, but the engine still tries to authorize me against its database.
  • I already disabled authorization in the application.properties of my app; the authorization still happens.
  • I disabled authorization through processEngineConfiguration.setAuthorizationEnabled(false) and Camunda still tries to authorize me.

QUESTION: Is there any possible way to completely disable authorization in Camunda engine as I want to handle it on my own?

I would like to handle authentication & authorization on my own, regarding the Azure AD data, without having any camunda users, groups or whatever in the database.

Topics that I already covered and I found not helpful:

I was able to resolve that issue. The solution is rather interesting.

So manually, through Java code, I created custom authorizations in the Camunda engine according to my needs, the trick was to grant those authorizations to the user group, that had to exist in the engine (so I created it as well, also through Java code) and the name of this group had to be EXACTLY the same as the Azure group.

This all together allowed me to utilize authorization on Azure AD level. Just leaving this here in case someone stumbles upon the same issue in future.

2 Likes
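The approach described in the post above, sketched as an added example (not the original poster's code). It assumes the Camunda 7 Java API and an identity service that accepts writes. The group name `CamundaUsers` is a constructed placeholder for the Azure AD group, and the three grants are an assumed minimal set for starting a process instance from Tasklist.

```java
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;

public class AzureGroupAuthorizationSetup {

    // Constructed placeholder: must match the Azure AD group name exactly (case-sensitive).
    static final String AZURE_GROUP = "CamundaUsers";

    public static void apply(ProcessEngine engine) {
        IdentityService identity = engine.getIdentityService();
        AuthorizationService authz = engine.getAuthorizationService();

        // The group must exist in the engine under the same name as in Azure AD.
        if (identity.createGroupQuery().groupId(AZURE_GROUP).count() == 0) {
            Group group = identity.newGroup(AZURE_GROUP);
            group.setName(AZURE_GROUP);
            group.setType("WORKFLOW");
            identity.saveGroup(group);
        }

        // Least privilege: grant specific permissions instead of Permissions.ALL.
        grant(authz, Resources.APPLICATION, "tasklist", Permissions.ACCESS);
        grant(authz, Resources.PROCESS_DEFINITION, Authorization.ANY,
              Permissions.READ, Permissions.CREATE_INSTANCE);
        grant(authz, Resources.PROCESS_INSTANCE, Authorization.ANY, Permissions.CREATE);
    }

    private static void grant(AuthorizationService authz, Resource resource,
                              String resourceId, Permission... permissions) {
        // Skip if a matching authorization already exists, so reruns at startup are safe.
        long existing = authz.createAuthorizationQuery()
                .groupIdIn(AZURE_GROUP).resourceType(resource).resourceId(resourceId).count();
        if (existing > 0) return;

        Authorization auth = authz.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
        auth.setGroupId(AZURE_GROUP);
        auth.setResource(resource);
        auth.setResourceId(resourceId);
        for (Permission p : permissions) auth.addPermission(p);
        authz.saveAuthorization(auth);
    }
}
```

Engine authorization stays enabled with this setup, so any Azure AD group without a matching engine group and grants keeps receiving 403 responses.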

Interesting, thanks for sharing the solution you found!