Hi @Helene
I think we know what the problem is.
Context.
Engine setup: Spring boot app with embedded engine keycloak for API authentication.
Optimize configuration is pointing at this engine.
Problem (our thesis):
optimize is trying to reach camunda, but was not sending any jwt token/ bearer token with it (the logs show the message: no JWT token found).
Camunda therefore had an empty bearer token that it forwarded to keycloak.
keycloak says: I cannot resolve the groups of an empty bearer token and I should return “not allowed to camunda”
Camunda in turn declinee the request by optimize
So this problem is documented here Optimize Login with Bearer Token and here Custom authentication
So I guess, the solution is to do as recommended in the other tickets ?
Any additional input is very welcome ? And thanks for having a look at my post !