[keycloak-user] Cors not working Final 1.2

Stian Thorgersen stian at redhat.com
Thu May 28 06:22:50 EDT 2015



----- Original Message -----
> From: "Henk Laracker" <Henk.Laracker at planonsoftware.com>
> To: keycloak-user at lists.jboss.org
> Cc: "Mark Bertels" <Mark.Bertels at planonsoftware.com>
> Sent: Thursday, 28 May, 2015 12:01:47 PM
> Subject: [keycloak-user] Cors not working Final 1.2
> 
> Hi,
> 
> Cors headers missing during login procedure of keycloak
> 
> 
> ===============================
> Step 1 - Prepare keycloak realm:
> ===============================
> 
> Create a simple keycloak realm for testing.
> 
> ===============================
> Step 2 - Create a user
> ===============================
> 
> Add a user and a client to the realm
> The client should be configured as follows:
> 
> Client Protocol openid-connect
> Access Type public
> 
> Valid redirect URIs: http://localhost/*
> http://localhost
> Web origins: http://localhost/*
> http://localhost
> 
> ===============================
> Step 3 - Create test application on tomcat
> ===============================
> 
> On a given tomcat server (I'm using localhost for this example) add 2 web
> applications:
> app1 with a simple index.html
> cors with a simple test.txt with the content "Some data"
> 
> The following URLs are now available:
> http://localhost/app1/index.html
> http://localhost/cors/test.txt
> 
> In http://localhost/app1/index.html create javascript which loads data from
> http://localhost/cors/test.txt
> 
> If you go to http://localhost/app1/index.html now, a GET will be performed to
> http://localhost/cors/test.txt and the data is displayed
> 
> 
> ===============================
> Step 4 - Adding keycloak to the applications
> ===============================
> 
> Add keycloak configuration on "app1".
> 
> 
> Add keycloak configuration on "cors"
> Additionally, add
> "enable-cors": "true"
> to the json file.
> 
> ===============================
> Step 5 - Log in to app1
> ===============================
> 
> If you log in to app1 in a new browser the data from app "cors" will not be
> loaded. The following error will be displayed in the console of your browser
> (using chrome)
> 
> XMLHttpRequest cannot load
> http://localhost-auth:8080/auth/realms/test/protocol/openid-connect/auth?re…lient%2Ftest.txt&state=6%2Fa1e9817b-7f9b-4d30-ab4e-17637c9d190a&login=true.
> No 'Access-Control-Allow-Origin' header is present on the requested resource.
> Origin 'http://localhost' is therefore not allowed access.

This request to "/protocol/openid-connect/auth" makes no sense to me. How are you invoking this? Can you include the source for index.html?

> 
> 
> If it loaded the data, make sure that you're logged out, or try it in private
> browsing mode.
> 
> 
> ===============================
> Expected result
> ===============================
> 
> We expected "Access-Control-Allow-Origin" to be set to the "Web origins",
> allowing for cross-application requests without editing existing
> applications.
> 
> 
> 
> Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen / Très
> cordialement,
> 
> 
> 
> 
> Henk Laracker
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
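
Added example, not part of the original thread and not Keycloak's own code: a sketch of how an exact-match allow-list compares the browser's Origin header with the "Web origins" values and URLs quoted in the report. The function names and the exact-match policy are assumptions made for illustration.

```javascript
// Constructed from the values in the report above; function names are hypothetical.
const WEB_ORIGINS = ['http://localhost/*', 'http://localhost'];
const APP1 = 'http://localhost/app1/index.html';
const CORS_TXT = 'http://localhost/cors/test.txt';
// Only the path shown in the console error; the truncated query string is left out.
const AUTH = 'http://localhost-auth:8080/auth/realms/test/protocol/openid-connect/auth';

// A browser's Origin header is scheme://host[:port], never a path.
function originOf(url) {
  return new URL(url).origin;
}

// True when a request from pageUrl to targetUrl is subject to CORS checks.
function isCrossOrigin(pageUrl, targetUrl) {
  return originOf(pageUrl) !== originOf(targetUrl);
}

// Headers an exact-match allow-list would emit for a given Origin header.
// An empty object means no Access-Control-Allow-Origin, so the browser
// refuses to expose the response to the calling script.
function corsHeadersFor(requestOrigin, allowedOrigins) {
  if (!requestOrigin || !allowedOrigins.includes(requestOrigin)) return {};
  return { 'Access-Control-Allow-Origin': requestOrigin, 'Vary': 'Origin' };
}

// Allow-list entries that can never equal an Origin header under exact
// matching (they carry a path, or are not parseable as a URL).
function unmatchableEntries(allowedOrigins) {
  return allowedOrigins.filter((entry) => {
    if (entry === '*') return false;
    try {
      return new URL(entry).origin !== entry;
    } catch {
      return true;
    }
  });
}

const pageOrigin = originOf(APP1);
console.log('app1 -> cors cross-origin?', isCrossOrigin(APP1, CORS_TXT));
console.log('app1 -> auth endpoint cross-origin?', isCrossOrigin(APP1, AUTH));
console.log('headers for', pageOrigin, corsHeadersFor(pageOrigin, WEB_ORIGINS));
console.log('entries that never match:', unmatchableEntries(WEB_ORIGINS));
```

With the URLs from the report, app1 and cors share the origin http://localhost, and the only cross-origin target is the one on localhost-auth:8080 named in the console error.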


