Password-policy 404 not found

Hi all.
I’m using embedded camunda engine and web apps in my spring boot application.
I’ve already implemented ReadOnlyIdentityProvider and everything works as expected, but in welcome application there is an error loading password policy with error code 404.

  1. Request URL: http://localhost:8787/xxx/api/engine/engine/xxxbpm/identity/password-policy

  2. Request Method:


  1. Status Code:


  1. Remote Address:
  1. Referrer Policy:


could you please help with that.

PS: I’ve configured camunda engine not to use password policy:


but that does not work. Also, I’ve configured camunda engine to use the default password policy:

PasswordPolicy passwordPolicy = new DefaultPasswordPolicyImpl();
but also that does not work.

any help would be appreciated.

how are you calling that endpoint?

Hi @Niall
It is called in welcome app:

Hi @MATRIX81 ,

I am facing similar issue logging into camunda cockpit, the rest APIs work just fine.
I am using camunda 7.13 springboot version

This happened due to session affinity, if you are deploying more than one camunda instances behind load balancers we need to make sure session affinity on the load balancer is set to avoid token mismatch issues with redirection

I am running spring boot embedded (7.13) in the local environment with no load balancer seeing the same issue.

According to, this 404 is not considered a bug.

To provide a bit more detail here:

The REST API just works as expected and as documented.
We understand that this 404 default handling can raise concerns and will consider this for calls we add to the web apps in the future. The 404 you see here is however of no concern.

If you’d want to not see the 404, you would need to set enablePasswordPolicy to true in the engine configuration. This will by default enable the DefaultPasswordPolicy. You can of course provide your own policy by setting it via setPasswordPolicy in the engine configuration.

Hope that helps.