Hello,
On Tuesday, July 23, 2019 22:44 CEST, David Leonard <David.Leonard(a)flexential.com>
wrote:
> Hello everyone,
> We're running a Keycloak 6.0.1 cluster running in Kubernetes, and we're
> running into issues with CORS requests by Kibana as a part of
> refreshing the access token. Here is the situation:
> 1. User logs into the SP and is able to successfully authenticate.
> 2. The user's token expires in the background.
> 3. The SP notices this expired token, and attempts to refresh the token
> starting to issue an auth request to Keycloak. It issues an 'OPTIONS'
> request to determine what it can perform, and this request is missing
> headers.
I may have missed something, but I don't understand this.
As I see it, there are two options when a token expires:
- try to refresh it with the refresh token you got (on the /protocol/openid-connect/token
endpoint, which should provide the correct CORS headers)
- if it fails, redirect the user through the authentication (so no request by the
JavaScript, only a redirect, no CORS involved)
What do you use to manage authentication in Kibana?
Cédric
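
The two options described in the reply above, as an added example that is not part of the original message or of Keycloak's or Kibana's code: a refresh-token grant sent to the token endpoint, and a full-page redirect to the authorization endpoint when that grant is rejected. The realm URL, client id, redirect URI and function names are constructed placeholders, and a public client (no client secret) is assumed.

```javascript
// Added example. cfg values are constructed placeholders; names are hypothetical.
const cfg = {
  realmUrl: "https://keycloak.example/auth/realms/demo",
  clientId: "kibana-spa",
  redirectUri: "https://kibana.example/callback",
};

// Option 1: refresh-token grant, sent as a form POST to the token endpoint.
function buildRefreshRequest(cfg, refreshToken) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    client_id: cfg.clientId,
    refresh_token: refreshToken,
  });
  return {
    url: cfg.realmUrl + "/protocol/openid-connect/token",
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Option 2: URL for a top-level navigation to the authorization endpoint.
// `state` must be a fresh random value that the callback verifies.
function buildAuthRedirect(cfg, state) {
  const u = new URL(cfg.realmUrl + "/protocol/openid-connect/auth");
  u.search = new URLSearchParams({
    response_type: "code",
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: "openid",
    state,
  }).toString();
  return u.toString();
}

// Decide the next step from the token endpoint's HTTP status and JSON body.
function nextStep(cfg, status, json, state) {
  if (status >= 200 && status < 300 && json && json.access_token) {
    return { action: "use_tokens", tokens: json };
  }
  if (status === 400 || status === 401) {
    // Refresh token rejected (expired or revoked): navigate the browser,
    // do not call the authorization endpoint from script.
    return { action: "redirect", url: buildAuthRedirect(cfg, state) };
  }
  return { action: "retry" }; // transient failure: keep the session, try again
}
```

In a browser the redirect result would be applied with `window.location.assign(result.url)`, which is a navigation and therefore triggers no CORS preflight.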