Hi Team,
Earlier I used to run a self-managed Docker setup, and with proper config I was able to access Operate, Tasklist and Identity. Now I'm running separate compose files for each component (Identity, Operate, Tasklist, Zeebe) in Docker, with Keycloak, Postgres and Elasticsearch running externally outside Docker.
ISSUE: unable to access the Operate UI [No permission for Operate - Please check your operate configuration or cloud configuration.]
Docker logs:

```
Error in authentication callback:
2024-07-23 12:43:32
2024-07-23 12:43:32 org.springframework.security.authentication.InsufficientAuthenticationException: No read permissions
2024-07-23 12:43:32 at io.camunda.operate.webapp.security.identity.IdentityAuthentication.authenticate(IdentityAuthentication.java:249) ~[!/:8.5.0]
2024-07-23 12:43:32 at io.camunda.operate.webapp.security.identity.IdentityService.getAuthenticationFor(IdentityService.java:106) ~[!/:8.5.0]
```

My docker file for Operate:

```yaml
services:
  operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
    image: camunda/operate:${CAMUNDA_PLATFORM_VERSION}
    container_name: operate
    ports:
      - "8071:8080"
    environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
      - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=host.docker.internal:26500
      - ZEEBE_CLIENT_ID=camunda-platform
      - ZEEBE_CLIENT_SECRET=3Ct3sTUpZbvUSUeAye4wQQqNpgU3Gzjh
      - ZEEBE_TOKEN_AUDIENCE=zeebe-api
      - ZEEBE_AUTHORIZATION_SERVER_URL=http://host.docker.internal:8080/auth/realms/camunda-platform/protocol/openid-connect/token
      - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://host.docker.internal:9200
      - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://host.docker.internal:9200
      # For more information regarding configuration with Identity see:
      # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity
      - SPRING_PROFILES_ACTIVE=identity-auth
      - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://host.docker.internal:8084
      - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://localhost:8080/auth/realms/camunda-platform
      - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://host.docker.internal:8080/auth/realms/camunda-platform
      - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate
      - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
      - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api
      - CAMUNDA_OPERATE_MULTITENANCY_ENABLED=true
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://host.docker.internal:8080/auth/realms/camunda-platform
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://host.docker.internal:8080/auth/realms/camunda-platform/protocol/openid-connect/certs
      - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=true
      - management.endpoints.web.exposure.include=health
      - management.endpoint.health.probes.enabled=true
      - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
    healthcheck:
      test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ]
      interval: 30s
      timeout: 1s
      retries: 5
      start_period: 30s
```

I have cross-checked the user I'm logging in with. It has all necessary roles and permissions to access all components. The user has all permissions to access all components. I'm able to access all other components except Operate.