Our Camunda WebApp is embedded with spring boot application and runs behind Spring Cloud Gateway. WebApp has been scaled to multiple instances with application. We cannot set stick session at router or load balancer. We implement ContainerBasedAuthenticationProvider with OAuth2/JWT without using WebApp out of box basic authentication. So the JWT token passed to WebApp every request and Spring Security will do the Token verification so it becomes stateless. When request hitting https://{domain}/camunda/app/cockpit/default/, all other requests went fine with 200 response but one end point always gives 404 error
https://{domain}/camunda/api/admin/auth/user/default
If WebApp runs in singles instance, it just works fine. Could the above endpoint always check session? Could we disable the check?
Another finding is that the above motioned request does not go through our ContainerBasedAuthenticationProvider.