I am having WebApps Authorization problems with one of our Camunda deployments.
In one, everything works fine - I can navigate to /app/admin/default/#/login, provide my admin credentials, and the Admin page (/app/admin/default/#/) comes up fine.
In the other, after providing my credentials, I see the Admin page for a quick second, then it returns to the login screen. Looking at Chrome’s DevTools, I see the following XHR calls:
POST /api/admin/auth/user/default/login/admin
Returns 200 with body {userId: "CamundaAdminStg", authorizedApps: ["admin", "tasklist", "welcome", "cockpit"]}.
GET /api/engine/engine/default/user/CamundaAdminStg/profile
Returns 401 with body {"timestamp":"2018-08-23T19:24:34.415+0000","status":401,"error":"Unauthorized","message":"No message available","path":"/api/engine/engine/default/user/CamundaAdminStg/profile"}
OPTIONS /api/engine/engine/default/user/
Returns 200 with headers:
x-authorized-apps: admin,tasklist,welcome,cockpit
x-authorized-engine: default
x-authorized-user: CamundaAdminStg
OPTIONS /api/engine/engine/default/group/
Returns 401
…
I am at a loss why the one deployment works fine, but this one does not.
I’m not sure if it’s related, but most all responses from the webserver with problems change the JSESSIONID cookie with the set-cookie response header. On the webserver where the WebApps work fine, the JSESSIONID is not changed.
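
Added example, not part of the original post: a Python check for the JSESSIONID observation above, run over a constructed request trace of the kind that can be transcribed from DevTools. The helper names and cookie values are assumptions; it reports where the session cookie was re-issued and which 401s hit a server-issued session id, without diagnosing the cause.

```python
from http.cookies import SimpleCookie

# Constructed trace: methods, paths and statuses follow the post; the cookie
# values are invented for illustration. Each entry is
# (method, path, Cookie request header, status, Set-Cookie response header).
TRACE = [
    ("POST", "/api/admin/auth/user/default/login/admin",
     "JSESSIONID=AAA111", 200, "JSESSIONID=BBB222; Path=/; HttpOnly"),
    ("GET", "/api/engine/engine/default/user/CamundaAdminStg/profile",
     "JSESSIONID=BBB222", 401, "JSESSIONID=CCC333; Path=/; HttpOnly"),
    ("OPTIONS", "/api/engine/engine/default/user/",
     "JSESSIONID=CCC333", 200, None),
    ("OPTIONS", "/api/engine/engine/default/group/",
     "JSESSIONID=CCC333", 401, "JSESSIONID=DDD444; Path=/; HttpOnly"),
]


def session_id(header, name="JSESSIONID"):
    """Return the named cookie's value from a Cookie/Set-Cookie header, or None."""
    if not header:
        return None
    jar = SimpleCookie()
    jar.load(header)
    return jar[name].value if name in jar else None


def analyse(trace):
    """List session-cookie re-issues and 401s on a server-issued session id."""
    findings, issued = [], None  # issued: last id the server handed out
    for method, path, cookie, status, set_cookie in trace:
        sent, new = session_id(cookie), session_id(set_cookie)
        if status == 401 and sent is not None and sent == issued:
            # The browser sent exactly what the server last issued, yet got 401.
            findings.append(("rejected_current_session", method, path, sent))
        if new is not None and new != sent:
            # A new id on the login response is a common session-fixation
            # defence; a new id on later API calls is the anomaly to chase.
            kind = "reissued_at_login" if "/login/" in path else "reissued_after_login"
            findings.append((kind, method, path, new))
            issued = new
    return findings


if __name__ == "__main__":
    for finding in analyse(TRACE):
        print(*finding)
```

Running the same check against a trace from the working deployment gives a baseline to compare the findings with.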