[keycloak-user] enable CORS
lists
lists at merit.unu.edu
Tue Apr 17 11:28:18 EDT 2018
Hi,
I have read some more, but would still some feedback from the experts
here. :-) Here's what I think I learned:
We are using apache as a proxy in front of keycloak, configured like this:
> ProxyPreserveHost On
> ProxyVia Off
> ProxyRequests Off
> ProxyPass / "http://localhost:8080/"
> ProxyPassReverse / "http://localhost:8080/"
>
> RequestHeader set X-Forwarded-Proto "https"
> RequestHeader set X-Forwarded-Port "443"
After reading https://awesometoast.com/cors/ and
http://enable-cors.org/server_apache.html it seems I have to add CORS
headers in apache config, so I added:
> Header always set Access-Control-Allow-Origin "*"
The "*" in this line feels like opening a large security hole...
But any comments on the above?
MJ
On 17-4-2018 14:55, lists wrote:
> Hi,
>
> We are using keycloak as a SAML2 IdP for a web application (SOGo).
> Logging on works fine, however, after a while SOGo stops working.
>
> I asked SOGo support to take a look at this, and they told me: "You'll
> need to enable CORS headers on our IdP keycloak.ourcompany.com so I can
> continue the debugging. The redirect is currently blocked for this reason."
>
> I cannot find any keycloak toggle that would enable CORS headers. Could
> anyone tell me how to do this..?
>
> MJ
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list