Starter's admin user can not login

HI there,
I am trying to integrate a camunda-bpm-spring-boot-starter-webapp into a spring app. So far, I do have the following settings:

camunda.bpm.authorization.enabled-for-custom-code=true
camunda.bpm.authorization.enabled=true
camunda.bpm.admin-user.id=admin
camunda.bpm.admin-user.password=admin
camunda.bpm.admin-user.email=admin@example.org
camunda.bpm.admin-user.first-name=Max
camunda.bpm.admin-user.last-name=Mustermann
camunda.bpm.filter.create=true
camunda.bpm.auto-deployment-enabled=false

But login page still gives me, though the user is created:
Wrong credentials, locked user or missing access rights to application.

Important to note - my spring app also uses spring-security module, so I did disable it as well, via:

class WebSecurityConfiguration : WebSecurityConfigurerAdapter() {

    override fun configure(http: HttpSecurity) {
        http
            .authorizeRequests { auth ->
                auth
                    .anyRequest().permitAll()
            }
    }
}

P.S. API gives 403 back, so it’s definitely not spring-security

Update: even if I do remove admin-user properties, camunda doesn’t allow me to create one with the following error:
Could not create initial user.

Alright, I found the issue. I’d leave it here just in case someone has the same…
The issue was an invalid csrf token, which was checked at spring-security prior camunda and failed. Once I did disable it via configuration, login worked as expected:

@Configuration
class WebSecurityConfiguration : WebSecurityConfigurerAdapter() {

    override fun configure(http: HttpSecurity) {
        http
            .csrf().disable()
            .authorizeRequests { auth ->
                auth
                    .anyRequest().permitAll()
            }
    }
}
2 Likes

Thanks for posting your solution!