Re: [keycloak-user] No 'Access-Control-Allow-Origin' header is present on the requested resource

This doesn’t appear to be Keycloak related at all. This is just CORS errors on your API. Try reading up here for some more background. https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS But in short, what you need to do is have your API respond with a couple of headers; primarily the 'Access-Control-Allow-Origin' header so the browser knows that XHR calls to the domain http://localhost:8081 are allowed be called from pages that are served off of the domain http://localhost:9000 -- Christopher Savory Software Engineer | EdLogics www.edlogics.com From: Grant Marrow <grantmarrow(a)gmail.com&gt; Date: Wednesday, November 16, 2016 at 2:07 PM To: Chris Savory <chris.savory(a)edlogics.com&gt;, " keycloak-user(a)lists.jboss.org&quot; <keycloak-user(a)lists.jboss.org&gt; Subject: Re: [keycloak-user] No 'Access-Control-Allow-Origin' header is present on the requested resource Ok below is a step by step of events: 1. User navigates to web application at http://localhost:9000 2. Use clicks the sign in button at http://localhost:9000/login 3. User is redirected to keycloak at http://localhost:8080 to login 4. Once signed in the user ia redirected to http://localhost:9000 5. Authenticated User navigates to registrations page at http://localhost:9000/registrations. During this step a http GET request is done to http://localhost:8081/leap-service/resouces/private/ registrations. At the above step the error occurs. Please let me know if you need more information. Thanks Regards Grant On 16 Nov 2016 20:26, "Grant Marrow" <grantmarrow(a)gmail.com&gt; wrote: Hi Chris Thanks for getting back to me. I have done that and it didnt work. I have also tired adding *. That did not work as well. What else can I try? Please let me know. Thanks Regards Grant On 16 Nov 2016 20:15, "Chris Savory" <chris.savory(a)edlogics.com&gt; wrote: In the admin, click on Clients, then select your client. Do you have any values for “Web Origins” there? If not, you need to add ‘http://localhost:9000’ -- Christopher Savory Software Engineer | EdLogics www.edlogics.com <http://www.edlogics.com/> <http://www.edlogics.com/> <https://www.linkedin.com/company/edlogics> <https://twitter.com/EdLogics > On 11/16/16, 1:08 PM, &quot;keycloak-user-bounces(a)lists.jboss.org on behalf of Grant Marrow" <keycloak-user-bounces(a)lists.jboss.org on behalf of grantmarrow(a)gmail.com&gt; wrote: Hi, I really need some help. I keep on getting the following error: *No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000 <http://localhost:9000/>' is therefore not allowed access. The response had HTTP status code 500.* This is my setup: *Front End:* - angular 1.5 web application running at http://localhost:9000 - client configuration on keycloak admin console: - keycloak.json: { "realm": "leap", "auth-server-url": "http://localhost:8080/auth", "ssl-required": "external", "resource": "leap-web", "public-client": true } *Auth Server* - keycloak version 2.30Final running at http://localhost:8080 *Web service* - java REST service running on Tomcat version 8.5 - client config on keycloak admin console: - web.xml of rest service: <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns=" http://java.sun.com/xml/ns/javaee" xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <display-name>Archetype Created Web Application</display-name> <module-name>leap-service</module-name> <listener> <listener-class>com.hm.leap.service.init.ContextListener</ listener-class> </listener> <context-param> <param-name>persistentUnit</param-name> <param-value>leap</param-value> </context-param> <security-constraint> <web-resource-collection> <web-resource-name>Leap-Service</web-resource-name> <url-pattern>/resources/private/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>KEYCLOAK</auth-method> <realm-name>leap</realm-name> </login-config> <security-role> <role-name>user</role-name> </security-role> </web-app> - I also have the valve setup on my context.xml that lives in the META-INF directory <Context path="/leap-service"> <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/> </Context> - keycloak.json: { "realm": "leap", "bearer-only": true, "auth-server-url": "http://localhost:8080/auth", "ssl-required": "external", "resource": "leap-service", "enable-cors": true } The error occurs in the following scenario: - The angular web app launches, the user clicks the login button which redirects to Keycloak. The user signs in. The user then tries navigates to another page. This page then executes a GET request on my REST service which returns a list which is displayed in a table. But while executing the GET request, I receive the error: *No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000 <http://localhost:9000/>' is therefore not allowed access. The response had HTTP status code 500.* In my Tomcat log file. I see the following warning message: *11-Nov-2016 11:28:19.464 WARNING [http-nio-8081-exec-2] org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was defined for FORM authentication in context [/leap-service]* I really can't seen to pinpoint the error. I find it quite strange because I have the same setup but using an older version of keycloak (1.9*), which worked fine. I know this might be a silly problem, but if you have some time to help me, I would really appreciate it. Thanks. Regards Grant _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user