Closed
Labels
- kind/issue: Unidentified issue, it could be a bug, misconfig, or anything in between
- platform/gcp: Issues related to GCP
- platform/local
- team/distribution: Issues related to the Distribution Team.
- wontfix: This will not be worked on
Description
Describe the issue:
Identity not disabled when testing with EntraID (OIDC)
Actual behavior:
The Identity pod is unhealthy and should not be there, as OIDC with 8.4 does not support the Identity UI.
Expected behavior:
Identity is disabled when OIDC is enabled.
How to reproduce:
Enable OIDC when installing via Helm.
Logs:
Identity

```
2024-10-09T13:24:03.710Z ERROR 1 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :
***************************
APPLICATION FAILED TO START
***************************
Description:
Parameter 1 of constructor in io.camunda.identity.controller.PublicAuthorizationController required a bean of type 'io.camunda.identity.service.AuthorizationService' that could not be found.
Action:
Consider defining a bean of type 'io.camunda.identity.service.AuthorizationService' in your configuration.
```
Environment:
Please note: Without the following info, it's hard to resolve the issue and probably it will be closed.
- Platform: GCP, local
- Helm CLI version: v3.13.1
- Chart version: snapshot-8.4
- Values file:
```yaml
global:
  identity:
    auth:
      enabled: true
      {{- if .Values.OIDC }}
      issuer: "https://login.microsoftonline.com/****/v2.0"
      issuerBackendUrl: "https://login.microsoftonline.com/****/v2.0"
      tokenUrl: "https://login.microsoftonline.com/****/oauth2/v2.0/token"
      jwksUrl: "https://login.microsoftonline.com/****/discovery/v2.0/keys"
      type: "MICROSOFT"
      publicIssuerUrl: "https://login.microsoftonline.com/****/v2.0"
      {{- if or (eq .Values.version "alpha") (semverCompare ">=8.5.0" .Values.version) }}
      identity:
        clientId: "****"
        existingSecret: "****"
        audience: "****"
        initialClaimValue: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/identity"
      {{- end }}
      operate:
        clientId: "****"
        audience: "****"
        existingSecret: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/operate"
      console:
        clientId: "****"
        audience: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}"
        tokenScope: ""
      connectors:
        clientId: "****"
        audience: "****"
        existingSecret: "****"
      optimize:
        clientId: "****"
        audience: "****"
        existingSecret: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/optimize"
      tasklist:
        clientId: "****"
        audience: "****"
        existingSecret: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/tasklist"
      webModeler:
        clientId: "****"
        clientApiAudience: "****"
        publicApiAudience: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/modeler"
      zeebe:
        clientId: "****"
        audience: "****"
        existingSecret: "****"
        tokenScope: "****/.default"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/optimize"
      {{- else }}
      publicIssuerUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/auth/realms/camunda-platform"
      operate:
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/operate"
      tasklist:
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/tasklist"
      optimize:
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/optimize"
      console:
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}"
      webModeler:
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/modeler"
      {{- end }}
  multitenancy:
    enabled: {{ .Values.MT }}
  ingress:
    enabled: true
    className: nginx
    host: "{{ .Values.HOST_PREFIX }}.{{ .Values.host }}"
    tls:
      enabled: true
      secretName: camunda-platform
    annotations:
      external-dns.alpha.kubernetes.io/hostname: "{{ .Values.HOST_PREFIX }}.{{ .Values.host }}"
      external-dns.alpha.kubernetes.io/ttl: "60"
```