Skip to main content

SRP not discovered by Console

Symptom: The SRP instance does not appear in the Console Schema Registry dropdown. Cause: Console is not receiving heartbeats from SRP. Fix:
  1. Verify CDK_SCHEMAREGISTRYPROXY_ENABLED=true is set on Console.
  2. Check that KAFKA_HEARTBEAT_ENABLED=true on SRP (this is the default).
  3. Confirm SRP and Console connect to the same Kafka cluster.
  4. Verify the _conduktor_srp_events topic exists and is accessible.

Permissions not applied

Symptom: Users receive authorization errors even after permissions are granted in Console. Cause: SRP is not consuming permission updates from Kafka. Fix:
  1. Check that AUTH_USE_REACTIVE_CONFIG=true on SRP (this is the default).
  2. Verify the _conduktor_srp_commands topic exists with the expected replication factor.
  3. Confirm Console is connected to the same Kafka cluster as SRP.
  4. Review SRP logs for permission consumption messages.

Authentication failures

Symptom: Clients receive 401 Unauthorized responses. Cause: JWT token validation is failing. Fix:
  1. Verify the JWKS endpoint is accessible from the SRP container.
  2. Confirm JWT_SUBJECT_CLAIM_NAME matches the claim used in your tokens.
  3. Check token expiration — set JWT_VALIDATE_EXPIRATION=false temporarily to isolate the issue.