Thanks for looking in.
On 28/05/15 12:22, "Stian Thorgersen" <stian(a)redhat.com> wrote:
----- Original Message -----
> From: "Henk Laracker" <Henk.Laracker(a)planonsoftware.com>
> To: keycloak-user(a)lists.jboss.org
> Cc: "Mark Bertels" <Mark.Bertels(a)planonsoftware.com>
> Sent: Thursday, 28 May, 2015 12:01:47 PM
> Subject: [keycloak-user] Cors not working Final 1.2
>
> Hi,
>
> Cors headers missing during login procedure of keycloak
>
>
> ===============================
> Step 1 - Prepare keycloak realm:
> ===============================
>
> Create a simple keycloak realm for testing,
>
> ===============================
> Step 2 - Create a user
> ===============================
>
> Add a user and a client to the realm
> The client should be configured as follows:
>
> Client Protocol openid-connect
> Access Type public
>
> Valid redirect uri's:
http://localhost/*
>
http://localhost
> Web origins:
http://localhost/*
>
http://localhost
>
> ===============================
> Step 3 - Create test application on tomcat
> ===============================
>
> On a given tomcat server (I'm using localhost for this example) add 2
>web
> applications:
> app1 with a simple index.html
> cors with a simple test.txt with the content "Some data"
>
> The following url's are now available:
>
http://localhost/app1/index.html
>
http://localhost/cors/test.txt
>
> In
http://localhost/app1/index.html create javascript which loads data
>from
>
http://localhost/cors/test.txt
>
> If you go to
http://localhost/app1/index.html now, a GET will be
>performed to
>
http://localhost/cors/test.txt and the data is displayed
>
>
> ===============================
> Step 4 - Adding keycloak to the applications
> ===============================
>
> Add keycloak configuration on "app1".
>
>
> Add keycloak configuration on "cors"
> Additionally, add
> "enable-cors": "true"
> to the json file.
>
> ===============================
> Step 5 - Log in to app1
> ===============================
>
> If you log in to app1 in a new browser the data from app "cors" will
>not be
> loaded. The following error will be displayed in the console of your
>browser
> (using chrome)
>
> XMLHttpRequest cannot load
>
>http://localhost-auth:8080/auth/realms/test/protocol/openid-connect/auth?
>reŠlient%2Ftest.txt&state=6%2Fa1e9817b-7f9b-4d30-ab4e-17637c9d190a&login=
>true.
> No 'Access-Control-Allow-Origin' header is present on the requested
>resource.
> Origin 'http://localhost' is therefore not allowed access.
This request to "/protocol/openid-connect/auth" makes no sense to me. How
are you invoking this? Can you include the source for index.html?
>
>
> If it loaded the data, make sure that you're logged out, or try it in
>private
> browsing mode.
>
>
> ===============================
> Expected result
> ===============================
>
> We expected "Access-Control-Allow-Origin" to be set to the "Web
>origins",
> allowing for cross-application requests without editing existing
> applications.
>
>
>
> Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen /
>Très
> cordialement,
>
>
>
>
> Henk Laracker
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user