<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi,<br>
<br>
it looks to me that your CORS settings on adapters side and also
for your frontend application looks good. However keycloak
returned 403 Forbidden and hence did not add cors headers (we are
adding cors headers after successful authentication). Do you have
something in the server log?<br>
<br>
What I would try is:<br>
- Temporary set "ssl-required" to "none" in the adapters
configuration<br>
<br>
- If it doesn't help, then see how it will behave if both frontend
application and rest application are on same origin (either
<a class="moz-txt-link-freetext" href="http://162.244.28.89:8080">http://162.244.28.89:8080</a> or <span
style="font-size:10.0pt;font-family:Consolas" lang="FR-CH"><a class="moz-txt-link-freetext" href="http://162.244.28.89">http://162.244.28.89</a>)</span><br>
<br>
- Maybe using hostname like "myhost.com" instead of IP address
could help. If you have opportunity to temporarily add virtual
host and use hostname it worth a try (it's strange, but who
knows...)<br>
<br>
Marek<br>
<br>
<br>
On 27.1.2015 07:55, Brem, Robert wrote:<br>
</div>
<blockquote
cite="mid:5522F086A978AE45ADB4CE2A7FAF6E80211A2CE6@ex2010-db02.adesso.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hy @ll,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">For my current project I
use Docker and run each service in a own container, and
spread the services over multiple servers. All connected via
REST.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">For the security I found
Keycloak, and I think it’s a really cool tool. But I never
was the best friend of security… JASS/Spring Security…<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">My problem is, I try to
use the cors example
(<a class="moz-txt-link-freetext" href="https://github.com/keycloak/keycloak/tree/master/examples/cors">https://github.com/keycloak/keycloak/tree/master/examples/cors</a>).
I also use AngularJS for the frontend that consumes multiple
REST Services.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">But I don’t get it to
work. I always get the following error:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas;color:red"
lang="EN-US">XMLHttpRequest cannot load
<a moz-do-not-send="true"
href="http://162.244.28.89:8080/BrandService/resources/brands/">http://162.244.28.89:8080/BrandService/resources/brands/</a>.
No 'Access-Control-Allow-Origin' header is present on the
requested resource. Origin '<a class="moz-txt-link-freetext" href="http://162.244.28.89">http://162.244.28.89</a>' is
therefore not allowed access. The response had HTTP status
code 403.</span><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Google Chrome give me
the following output for the http request:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Remote
Address:162.244.28.89:8080<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Request
<a moz-do-not-send="true"
href="URL:http://162.244.28.89:8080/BrandService/resources/brands/">URL:http://162.244.28.89:8080/BrandService/resources/brands/</a><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Request
Method:GET<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Status
Code:403 Forbidden<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><b><u><span
style="font-size:10.0pt;font-family:Consolas"
lang="EN-US">Request Headersview source<o:p></o:p></span></u></b></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Accept:application/json,
text/plain, */*<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="FR-CH">Accept-Encoding:gzip,
deflate, sdch<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="FR-CH">Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="FR-CH">Authorization:Bearer
eyJhbGciOiJSUzI1NiJ9….ay2Sr-GP0CYfSDV7O2Q8sNyx91RgHdhy2S600NYEHUFG2VoF5cRCDBJpkuPbcXVtz2liMy-80S3KY9lfII<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="FR-CH">Connection:keep-alive<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="FR-CH">Host:162.244.28.89:8080<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="FR-CH">Origin:<a class="moz-txt-link-freetext" href="http://162.244.28.89">http://162.244.28.89</a><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Referer:<a class="moz-txt-link-freetext" href="http://162.244.28.89/">http://162.244.28.89/</a><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">User-Agent:Mozilla/5.0
(Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/39.0.2171.99 Safari/537.36<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><b><u><span
style="font-size:10.0pt;font-family:Consolas"
lang="EN-US">Response Headersview source<o:p></o:p></span></u></b></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Cache-Control:no-cache,
no-store, must-revalidate<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Connection:keep-alive<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Content-Length:68<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Content-Type:text/html;charset=UTF-8<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Date:Fri,
23 Jan 2015 19:23:33 GMT<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Expires:0<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Pragma:no-cache<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Server:WildFly/8<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">X-Powered-By:Undertow/1<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">ConsoleSearchEmulationRendering</span><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">What I don’t get is the
response header. Shouldn’t there be the following header
settings:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Access-Control-Allow-Credentials:true<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Access-Control-Allow-Headers:origin,accept,content-type<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Access-Control-Allow-Methods:GET,
POST, PUT, DELETE, OPTIONS, HEAD<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Access-Control-Allow-Origin:*<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Access-Control-Max-Age:151200<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Allow:HEAD,
POST, GET, OPTIONS, PUT</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">My keycloak.json looks
like that:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">{<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">
"realm": "openPixx",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">
"realm-public-key": "…bmwCckE..gWjLQIDAQAB",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">
"ssl-required": "external",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">
"resource": "BrandService",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">
"bearer-only": true,<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">
"cors-max-age" : 1000,<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">
"enable-cors": true,<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">
"cors-allowed-methods" : "POST, PUT, DELETE, GET"<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">}</span><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">In Keycloak I’ve defined
the BrandFrontend:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Enabled:
true<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Client
Protocol: openid-connect<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Access
Type: public<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Redirect
URL:
<a moz-do-not-send="true" href="http://162.244.28.89/*">http://162.244.28.89/*</a><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:10.0pt;font-family:Consolas" lang="EN-US">Web
Origin:
<a moz-do-not-send="true" href="http://162.244.28.89">http://162.244.28.89</a></span><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">For the AngularJS part
I’ve used the </span>
<span style="font-size:10.0pt;font-family:Consolas"
lang="EN-US">authinterceptor from the example</span><span
lang="EN-US">.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">If you have read until
here.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thank you very much and
sorry for my bad English
</span><span style="font-family:Wingdings" lang="EN-US">J</span><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Greets<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Rob<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>