Re: [keycloak-user] Resolution for 99% of CORS's problems

Thanks for posting your solution, Karol.  I have been having trouble with Keycloak CORS also.  I followed your suggestion: 1 - set client Web Origins 2 - in Keycloak.json, added "enable-cors": true /usr/share/tomcat/webapps/main/WEB-INF]-bash-$  cat keycloak.json{      "realm": "rtna",        "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvJlVZqi8KaZDZVPPl29y/nnPBHaPvH+NoG71w6BMDwIImw6vkNlO3CSr+kRAyLnpnP/9248gEZx6YwqEKwE4Oy5R6wuuxwOd2FdpYFM2wDw5zhF7U4oYy0WK1m31/hQdLGnpKtDdGReEwdkMOMtG655Nnqw8WdtmF3S2XcEm2t0gaNoYycd6gl4670nRqx6bRxs6UndERHZmHfkzLcL71RflgO1cyuOqMsjMb7oWIDy5bkE4ddB69TAbrpXVzLvwG1OIaM/XdfXOZIaIAajfacP3Vk8bZFa9eAsh5BVaeGzlqktsdk1JjbV0a14OVXQcCRusnV2wE+zSZhPNxhfFwIDAQAB",          "auth-server-url": "https://135.112.123.194:8666/auth",            "ssl-required": "external",              "resource": "main",                "public-client": true,                "enable-cors": true} I am still getting error: 135.112.123.183/:1 XMLHttpRequest cannot load https://135.112.123.194:8666/auth/realms/rtna/protocol/openid-connect/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://135.112.123.183' is therefore not allowed access. I also tried to add request header in  /opt/sso/keycloak/standalone/configuration/standalone.xml, not working either. - If standalone.xml has <response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="*"/>: I get the error:(index):82 keycloak init done...... (index):1 XMLHttpRequest cannot load https://135.112.123.194:8666/auth/realms/rtna/protocol/openid-connect/token. The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'https://135.112.123.183' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. Is there anything I am missing?  Any idea how to make it work would be appreciated!! On Wednesday, September 20, 2017, 4:14:00 AM EDT, Karol Buler <K.Buler(a)adbglobal.com&gt; wrote: Hi, after huge amounts of hours of investigations I found the resolution for almost all problems with CORS. I decided that maybe I am not alone with it, so here you go: 1. Go to admin console of Keycloak and set 'Web Origins' of your client to address of your application (or just * ). 2. In your application.properties (keycloak.json) set keycloak.cors = true (don't know the name of this property in keycloak.json). 3. Thats it! Only 2 steps resolves almost all my problems with CORS in our applications. Best regards, Karol [https://www.adbglobal.com/wp-content/uploads/adb.png] adbglobal.com<https://www.adbglobal.com> [https://www.adbglobal.com/wp-content/uploads/linkedin_logo.png]<https:...       [https://www.adbglobal.com/wp-content/uploads/twitter_logo.png] <https://twitter.com/adb_global>        [https://www.adbglobal.com/wp-content/uploads/pinterest_logo.png] <https://pinterest.com/adbglobal/pins/> [https://www.adbglobal.com/wp-content/uploads/ComeJoin.jpg]<https://www... _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user