i’m looking for more informations about the “bugfix” in 8.2.5 ( Release 8.2.5 · camunda/camunda-platform · GitHub)
CAMUNDA_OPERATE_IDENTITY_REDIRECT_ROOT_URL from env vars (
#4351) ( #4503)
Login in Operate is not working anymore with 8.2.5 (self managed). I don’t know how this fix affects configuration. Unfortunately, the issue link seems to be dead.
May 25, 2023, 9:28am
How are you configuring Operate - via yml or via env vars?
Could you share your configuration, with any of the sensitive data scrubbed? I can get someone from the Operate team to have a look at it.
i’m using the camunda-platform helm chart in version 8.2.4 for deployment in kubernetes.
I recognized in the meantime that i have a problem configuring a context path for Operate.
Snippet from my configuration values.yaml:
redirectUrl: "https://domain.cloud/operate" # redirect with context path
This works well with the images in version 8.2.4 but i got an error with 8.2.5 accessing Operate in the browser when i got redirected to the identity login page (“We are sorry… Invalid parameter: redirect_uri”). I tried different configurations but without success.
I finally changed the configuration giving up the context path and everything works as expected.
# contextPath: "/operate"
# probePath: "/operate/actuator/health/readiness"
Maybe i just don’t fully understand how a context path for Operate has to be configured.
Since it is not strictly necessary using a context path i’m just fine with the configuration without it.
@jbuyer, there is a bug in the v8.2.5 apps, and I’m working on a hotfix for it in the Helm chart till it’s fixed in the apps.
Follow for more details:
03:03PM - 25 May 23 UTC
**Describe the issue:**
When trying to login into Camunda Platform 8.2.5, Key
… cloak shows the error `Invalid parameter: redirect_uri` for:
The rest of the web apps and the Zeebe engine working as normal.
When trying to login, for example, `https://camunda.example.com/operate`, Keycloak shows the error `Invalid parameter: redirect_uri` in the browser and it's not possible to login.
It should be possible to login into the apps normally.
**How to reproduce:**
Deploy any Helm chart v8.2.x with apps v8.2.5 with combined Ingress enabled.
Operate and Tasklist show in the logs that the contextPath is repeated twice.
[2023-05-25 08:25:17.783 DEBUG 7 --- [nio-8080-exec-4] i.c.o.w.s.i.IdentityController : Redirect Login to https://v8.2.4.release.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/auth?client_id=operate&redirect_uri=https%3A%2F%2Fv8.2.4.release.distro.ultrawombat.com%2Foperate%2Foperate%2Fidentity-callback&response_type=code&scope=openid+email&state=](https://camunda.example.com/auth/realms/camunda-platform/protocol/openid-connect/auth?client_id=operate&redirect_uri=https%3A%2F%2Fcamunda.example.com%2Foperate%2Foperate%2Fidentity-callback&response_type=code&scope=openid+email&state=)
Optimize shows that part of the `redirect_uri` is missing which is `/api/authentication/callback`.
- Platform: Any
- Helm CLI version: v3.12.0
- Chart version: 8.2.4
- Apps version: 8.2.5
- Values file: Any