[keycloak-user] keycloak CORS Headers in 401 Response
Josh Cain
jcain at redhat.com
Mon Dec 18 08:47:01 EST 2017
We had the same issue, turns out it was a product bug, but got fixed in
3.4.1 [0]. I'm not aware of any workarounds, other than using
infra-type solutions like a proxy.
[0] https://issues.jboss.org/browse/KEYCLOAK-1886
Josh Cain
Senior Software Applications Engineer, RHCE
Red Hat North America
jcain at redhat.com IRC: jcain
On 12/17/2017 04:41 PM, Joao Costa wrote:
> I have two keycloack clients,
>
> Angular 4: with Access Type credentials authentication
> A JAX RS Application (which will be the resource server): with bearer-only authentication! In this client we activate CORS, as shown by the following json.
>
>> {
>> "realm": "demo-realm",
>> "bearer-only": true,
>> "auth-server-url": "http://demo-keycloack-server:8080/auth <http://demo-keycloack-server:8080/auth>",
>> "ssl-required": "external",
>> "resource": "demo-server",
>> "enable-cors": true
>> }
>
> The problem is that the requests to the JAX-RS Application when the response status is Unauthorized 401, this response do not brings the required CORS Headers to javascript client!
>
> How can we add the respective CORS Header when the HTTP Status is 401 ?
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20171218/6c8f1faf/attachment.bin
More information about the keycloak-user
mailing list