[keycloak-user] Cors not working Final 1.2

Henk Laracker Henk.Laracker at planonsoftware.com
Thu May 28 15:18:31 EDT 2015


I understand, but we have some weird behaviour once we've logged in to
http://localhost/app1/index.html .

If you first login on http://localhost/app1/index.html , then go directly
to http://localhost/cors/test.txt we are able to see the txt file without
logging in.
When we go back to http://localhost/app1/index.html it's working as
intended, and we get no keycloak redirect.




On 28/05/15 14:01, "Stian Thorgersen" <stian at redhat.com> wrote:

>Looks like what's happening is that you're doing a XMLHttpRequest to a
>resource that requires authentication. In this case the adapter returns a
>302 and it'll be redirected to the login screen on the Keycloak server.
>
>The login screen is not expected to be invoked with XMLHttpRequest/CORS
>so it shouldn't have CORS headers.
>
>Further the Keycloak adapter only adds CORS headers when a bearer token
>is present (Authorization: Bearer ...). If you want CORS headers for
>non-protected endpoints you'll have to add those yourself as Keycloak
>pulls the permitted origins from the bearer token.
>
>Just make sure you invoke your secured endpoints with a valid bearer
>token and it should work fine. With regards to it returning a 302 for a
>XMLHttpRequest, that's an improvement we can do in the adapters to only do
>that if the Accept header contains text/html.
>
>----- Original Message -----
>> From: "Henk Laracker" <Henk.Laracker at planonsoftware.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: "Mark Bertels" <Mark.Bertels at planonsoftware.com>,
>>keycloak-user at lists.jboss.org
>> Sent: Thursday, 28 May, 2015 1:38:12 PM
>> Subject: Re: [keycloak-user] Cors not working Final 1.2
>> 
>> As requested:
>> 
>> 
>> cors keycloak.json - http://pastebin.com/raw.php?i=n9McFRGH
>> app1 keycloak.json - http://pastebin.com/raw.php?i=jaL0c6us
>> 
>> index.html  - http://pastebin.com/raw.php?i=SndsyL8F
>> test.txt - http://pastebin.com/raw.php?i=BeaRUCHE
>> 
>> Thanks for looking in.
>> 
>> 
>> On 28/05/15 12:22, "Stian Thorgersen" <stian at redhat.com> wrote:
>> 
>> >
>> >
>> >----- Original Message -----
>> >> From: "Henk Laracker" <Henk.Laracker at planonsoftware.com>
>> >> To: keycloak-user at lists.jboss.org
>> >> Cc: "Mark Bertels" <Mark.Bertels at planonsoftware.com>
>> >> Sent: Thursday, 28 May, 2015 12:01:47 PM
>> >> Subject: [keycloak-user] Cors not working Final 1.2
>> >> 
>> >> Hi,
>> >> 
>> >> Cors headers missing during login procedure of keycloak
>> >> 
>> >> 
>> >> ===============================
>> >> Step 1 - Prepare keycloak realm:
>> >> ===============================
>> >> 
>> >> Create a simple keycloak realm for testing,
>> >> 
>> >> ===============================
>> >> Step 2 - Create a user
>> >> ===============================
>> >> 
>> >> Add a user and a client to the realm
>> >> The client should be configured as follows:
>> >> 
>> >> Client Protocol openid-connect
>> >> Access Type public
>> >> 
>> >> Valid redirect URIs: http://localhost/*
>> >> http://localhost
>> >> Web origins: http://localhost/*
>> >> http://localhost
>> >> 
>> >> ===============================
>> >> Step 3 - Create test application on tomcat
>> >> ===============================
>> >> 
>> >> On a given tomcat server (I'm using localhost for this example) add 2 web
>> >> applications:
>> >> app1 with a simple index.html
>> >> cors with a simple test.txt with the content "Some data"
>> >> 
>> >> The following url's are now available:
>> >> http://localhost/app1/index.html
>> >> http://localhost/cors/test.txt
>> >> 
>> >> In http://localhost/app1/index.html create javascript which loads data
>> >> from http://localhost/cors/test.txt
>> >> 
>> >> If you go to http://localhost/app1/index.html now, a GET will be
>> >> performed to http://localhost/cors/test.txt and the data is displayed
>> >> 
>> >> 
>> >> ===============================
>> >> Step 4 - Adding keycloak to the applications
>> >> ===============================
>> >> 
>> >> Add keycloak configuration on "app1".
>> >> 
>> >> 
>> >> Add keycloak configuration on "cors"
>> >> Additionally, add
>> >> "enable-cors": "true"
>> >> to the json file.
>> >> 
>> >> ===============================
>> >> Step 5 - Log in to app1
>> >> ===============================
>> >> 
>> >> If you log in to app1 in a new browser the data from app "cors" will
>> >> not be loaded. The following error will be displayed in the console of
>> >> your browser (using chrome)
>> >> 
>> >> XMLHttpRequest cannot load
>> >> http://localhost-auth:8080/auth/realms/test/protocol/openid-connect/auth?reŠlient%2Ftest.txt&state=6%2Fa1e9817b-7f9b-4d30-ab4e-17637c9d190a&login=true.
>> >> No 'Access-Control-Allow-Origin' header is present on the requested
>> >> resource.
>> >> Origin 'http://localhost' is therefore not allowed access.
>> >
>> >This request to "/protocol/openid-connect/auth" makes no sense to me. How
>> >are you invoking this? Can you include the source for index.html?
>> >
>> >> 
>> >> 
>> >> If it loaded the data, make sure that you're logged out, or try it in
>> >> private browsing mode.
>> >> 
>> >> 
>> >> ===============================
>> >> Expected result
>> >> ===============================
>> >> 
>> >> We expected "Access-Control-Allow-Origin" to be set to the "Web
>> >> origins", allowing for cross-application requests without editing
>> >> existing applications.
>> >> 
>> >> 
>> >> 
>> >> Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen /
>> >> Très cordialement,
>> >> 
>> >> 
>> >> 
>> >> 
>> >> Henk Laracker
>> >> 
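Stian's explanation above (CORS headers only when a bearer token is present, a 302 to the login page otherwise), worked through as an added example that is not code from the thread or from Keycloak: a small Node.js model of a secured resource whose permitted origins come from the token's `allowed-origins` claim. The handler, the demo token builder and the login URL are constructed for illustration, and the signature is deliberately not verified here.

```javascript
// Added example: simplified stand-in for a Keycloak-protected resource
// with "enable-cors": true. Not Keycloak's own adapter code.
const LOGIN_URL =
  'http://localhost-auth:8080/auth/realms/test/protocol/openid-connect/auth';

// Decode the payload of a JWT (header.payload.signature). The signature is
// NOT checked in this model; a real adapter verifies it before trusting claims.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// req = { url, headers: { origin?, authorization? } }
// Returns { status, headers, body } the way the browser would see it.
function handleSecuredRequest(req) {
  const origin = req.headers.origin;
  const m = /^Bearer\s+(\S+)$/i.exec(req.headers.authorization || '');
  if (!m) {
    // No bearer token: redirect to the login page. The login page is not a
    // CORS endpoint, so there is no Access-Control-Allow-Origin on this 302,
    // which is exactly the console error in the thread.
    const location = LOGIN_URL + '?redirect_uri=' + encodeURIComponent(req.url);
    return { status: 302, headers: { location }, body: '' };
  }
  const claims = decodeJwtPayload(m[1]);
  if (!claims || (claims.exp && claims.exp * 1000 < Date.now())) {
    return { status: 401, headers: {}, body: '' };
  }
  const allowed = claims['allowed-origins'] || [];
  const headers = { 'content-type': 'text/plain' };
  if (origin && allowed.includes(origin)) {
    // permitted origins are taken from the token, not from a static config
    headers['access-control-allow-origin'] = origin;
  }
  return { status: 200, headers, body: 'Some data' };
}

// Constructed, unsigned demo token carrying the claims the handler reads.
function makeDemoToken(allowedOrigins, expSeconds) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const payload = { 'allowed-origins': allowedOrigins, exp: expSeconds };
  return b64({ alg: 'RS256', typ: 'JWT' }) + '.' + b64(payload) + '.demo-sig';
}
```

The practical fix for index.html in the thread is therefore to obtain the token with the Keycloak JS adapter and send it as `Authorization: Bearer` on the XMLHttpRequest to test.txt, so the request reaches the 200 path with the CORS header instead of the 302.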