I’m working on the upgrade of Camunda to the latest 7.14.1-ee version. After the migration I’m failing to use the webapps because of a redirect to the internal login page of Camunda.
Here are some facts:
we use Spring OAuth for authentication / authorization
we changed the Jersey URL to /rest and the webapp URL to / to restore the behaviour prior to 7.14 via application properties.
What we observe:
after OAuth login, we successfully see the camunda webapp welcome page with my user correctly resolved (and displayed in the top right corner)
after a click on the cockpit it flashes up, I see my logged in user, the orange “welcome” banner is displayed for a short period of time and the page directly redirects to the camunda login page
analyzing the requests in the network page of the browser, I can’t see any requests responded by 401 or 403 which would lead to the redirect.
Does anyone experience the same issue?
Camunda-Devs → we installed the OAuth filter on /app, /lib/api (and I added /camunda-welcome). Anything I’m missing? Couldn’t find anything in changes or any other description that the behaviour of the cockpit changed somehow…
To make it more clear: I can access Welcome, Admin and Tasklist, only the Cockpit redirects me to the internal (useless in my scenario) login page. I stay logged in, so calling the welcome/tasklist/admin webapp afterwards works as desired.
Please consider raising a support ticket to speed up the investigation of the issue: https://docs.camunda.org/enterprise/support/
I think for the investigation we will be interested in generating a HAR file where the issue is reproduced and your spring and engine configurations.
Hi @zambrovski, I experienced the same behavior. I use JWT to log in to the webapp; tasklist and admin modules work fine. I see the problems in cockpit UI only.
I see this note in the Camunda Webapp git repo… the way they are building their project has changed now.
Please note that with Camunda 7.14.0 we moved Cockpit to a separate build step. Check out the development build and prerequisites in the Cockpit directory.
I reverted to 7.13 version till this gets resolved.
@zambrovski, I noticed the same issue. Oddly enough the issue appears only in the enterprise version. 7.14.0 of the community version did not have this issue.
Are you using the “old” Spring Security OAuth 2.x or the newer Spring Security 5.2.x mechanisms?
With my Keycloak SSO example (https://github.com/camunda/camunda-bpm-identity-keycloak/tree/master/examples/sso-kubernetes) I haven’t seen any problems so far. But to be honest, I haven’t yet found the time to upgrade it to Spring Security 5.2.x. So I’m just curious, what your exact setup is. Even if my example is very special, your answer might help me to be aware of some pitfalls.
It turns out that the new Cockpit implementation redirects to Camunda Webapp login as soon as the user profile request to /profile returns 404. This behaviour changed from 7.13, in which the 404 user profile response was simply ignored.
So a workaround for this bug is to provide a user profile extracted from the OAuth2 token. I implemented a simple solution in
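
The diagnosis in this thread (no 401 or 403 in the network tab, but a 404 on the user profile request) can be checked against a HAR capture of the kind requested earlier. The Python below is an added example, not code from any poster or from Camunda; the embedded HAR excerpt, its host, its paths and the user id are constructed, and matching on a path ending in `/profile` is an assumption taken from the wording of the last post.

```python
import json
import sys
from collections import Counter
from urllib.parse import urlsplit

# Constructed HAR excerpt (not from the thread): host, paths and user id are made up.
SAMPLE_HAR = json.loads("""
{"log": {"entries": [
  {"request": {"method": "GET", "url": "https://bpm.example.test/app/cockpit/default/"},
   "response": {"status": 200}},
  {"request": {"method": "GET", "url": "https://bpm.example.test/api/admin/auth/user/default"},
   "response": {"status": 200}},
  {"request": {"method": "GET", "url": "https://bpm.example.test/api/engine/user/jdoe/profile?v=1"},
   "response": {"status": 404}},
  {"request": {"method": "GET", "url": "https://bpm.example.test/app/cockpit/styles.css"},
   "response": {"status": 304}}
]}}
""")


def error_responses(har):
    """Every entry answered with HTTP >= 400 or status 0 (aborted or blocked)."""
    found = []
    for index, entry in enumerate(har["log"]["entries"]):
        status = entry["response"]["status"]
        if status >= 400 or status == 0:
            request = entry["request"]
            found.append({"index": index, "method": request["method"],
                          "path": urlsplit(request["url"]).path, "status": status})
    return found


def profile_failures(har, suffix="/profile"):
    """Error responses whose URL path (query string ignored) ends with `suffix`."""
    return [r for r in error_responses(har) if r["path"].rstrip("/").endswith(suffix)]


def status_counts(har):
    """Histogram of response status codes across the whole capture."""
    return Counter(entry["response"]["status"] for entry in har["log"]["entries"])


if __name__ == "__main__":
    # Pass a HAR exported from the browser's network tab, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as handle:
            har = json.load(handle)
    else:
        har = SAMPLE_HAR
    print("status codes:", dict(status_counts(har)))
    for hit in profile_failures(har):
        print("profile request failed:", hit)
```

Filtering a capture for 401 and 403 alone misses this case, which is why `error_responses` reports every error status.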