OAuth problems with Cockpit after update to 7.14

zambrovski · November 11, 2020, 1:31pm

Hi folks,

I created a repo to demonstrate the bug.

It turns out that the new Cockpit implementation redirects to Camunda Webapp login as soon as the user profile request to /profile returns 404. This behaviour changed from 7.13, in that the 404 user profile response was simply ignored.

So a workaround for this bug is to provide a user profile extracted from the OAuth2 token. I implemented a simple solution in

github.com

holunda-io/camunda-sso/blob/master/src/main/java/io/holunda/example/camunda/sso/config/camunda/OAuthIdentityServiceProvider.java

package io.holunda.example.camunda.sso.config.camunda;

import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.GroupQuery;
import org.camunda.bpm.engine.identity.NativeUserQuery;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.identity.TenantQuery;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.identity.UserQuery;
import org.camunda.bpm.engine.impl.Page;
import org.camunda.bpm.engine.impl.UserQueryImpl;
import org.camunda.bpm.engine.impl.identity.ReadOnlyIdentityProvider;
import org.camunda.bpm.engine.impl.interceptor.CommandContext;
import org.camunda.bpm.engine.impl.persistence.AbstractManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

import java.util.Collections;

This file has been truncated. show original

which can be used until fixed.

Cheers,

Simon