[Adding list back]
A web app redirects the user to a login page if not authenticated, while a
service should return a 401.
It sounds like what you have is a JS application with a service backend. In
Keycloak you should have two separate types of clients for that. The JS
application should be a public client, while the services a bearer-only
On 9 January 2017 at 13:39, Adam Daduev <daduev.ad(a)gmail.com> wrote:
Thanks for the answer.
Yes i have confidential client, i have web application, that asks Keycloak server
to authenticate a user for them. As I understand, bearer-only is for web
I probably something do not understand?
2017-01-09 11:44 GMT+02:00 Stian Thorgersen <sthorger(a)redhat.com>:
> Looks like your services are configured as confidential clients rather
> than bearer-only and hence is sending a login request back rather than a
> 401. You should either swap your service war to be a bearer-only client or
> use the new autodetect-bearer-only option in adapters if you have both web
> pages and services in the same war.
> On 8 January 2017 at 23:29, Adam Daduev <daduev.ad(a)gmail.com> wrote:
>> Hi, can you help me!
>> When session expired and ajax request execute in Keycloak, i have error
>> browser console:
>> XMLHttpRequest cannot load http://dc09-apps-06:8090/auth/
>> 60%2F01fc2e79-6fc0-46b8-9f83-39b7421fedf9&login=true&scope=openid. No
>> 'Access-Control-Allow-Origin' header is present on the requested
>> Origin 'http://localhost:8080' is therefore not allowed access.
>> I add in Keycloak admin console, in the client setting, Web Origins=
(or *), and enabled cors in app, but still has
>> in console. I used Keycloak 2.5.0
>> keycloak-user mailing list