Might be that it's expecting a token in the ajax request rather than
checking for a session, not 100% sure though. RichFaces won't work unless
we can support securing the requests from the session.
Can you create a JIRA bug for this please? If you can attach a simple
example we can build and deploy to reproduce the issue that would be
extremely helpful and we would be able to look at it sooner.
On 12 January 2017 at 07:16, Adam Daduev <daduev.ad(a)gmail.com> wrote:
After login, i get in my app, and for all my ajax request from page
to
backing bean, i receive response 401 even if the session is still alive.
If removed autodetect-bearer-only option, all work fine, but going back to
the old error.
XMLHttpRequest cannot load
http://dc09-apps-06:8090/auth/
realms/azovstal/protocol/openid-connect/auth?…ml&state=
60%2F01fc2e79-6fc0-46b8-9f83-39b7421fedf9&login=true&scope=openid. No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8080' is therefore not allowed access.
---------- Forwarded message ---------
From: Adam Daduev <daduev.ad(a)gmail.com>
Date: вт, 10 янв. 2017 г. в 14:08
Subject: Re: [keycloak-user] Error when session expired and ajax request
execute in Keycloak?
To: <stian(a)redhat.com>
I tried, but does not work.
Firstly, i add autodetect-bearer-only option via adapter subsystem, wildfly
not started, he not know autodetect-bearer-only option, then, i added via
json, wildfly started and app was deployed.
Secondly, on my ajax request to backing bean, i receive response 401 and
does not happend.
This is my keycloak.json
{
"realm": "azovstal",
"auth-server-url": "http://dc09-apps-06:8090/auth",
"ssl-required": "none",
"resource": "web-test",
"public-client": true,
"use-resource-role-mappings": true,
"autodetect-bearer-only": true
}
вт, 10 янв. 2017 г. в 10:19, <daduev.ad(a)gmail.com>:
Ok, I try, thanks.
10 янв. 2017 г., в 07:07, Stian Thorgersen <sthorger(a)redhat.com>
написал(а):
In that case take a look at the new autodetect-bearer-only option. You'll
need 2.5.0.Final for that.
On 9 January 2017 at 19:18, <daduev.ad(a)gmail.com> wrote:
No, I have jsf 2 app with richfaces framework, which deploy on wildfly
10.1.
9 янв. 2017 г., в 14:51, Stian Thorgersen <sthorger(a)redhat.com>
написал(а):
[Adding list back]
A web app redirects the user to a login page if not authenticated, while a
service should return a 401.
It sounds like what you have is a JS application with a service backend. In
Keycloak you should have two separate types of clients for that. The JS
application should be a public client, while the services a bearer-only
client.
On 9 January 2017 at 13:39, Adam Daduev <daduev.ad(a)gmail.com> wrote:
Thanks for the answer.
Yes i have confidential client, i have web application, that asks
Keycloak server
to authenticate a user for them. As I understand, bearer-only is for web
services clients.
I probably something do not understand?
2017-01-09 11:44 GMT+02:00 Stian Thorgersen <sthorger(a)redhat.com>:
Looks like your services are configured as confidential clients rather than
bearer-only and hence is sending a login request back rather than a 401.
You should either swap your service war to be a bearer-only client or use
the new autodetect-bearer-only option in adapters if you have both web
pages and services in the same war.
On 8 January 2017 at 23:29, Adam Daduev <daduev.ad(a)gmail.com> wrote:
Hi, can you help me!
When session expired and ajax request execute in Keycloak, i have error in
browser console:
XMLHttpRequest cannot load
http://dc09-apps-06:8090/auth/
realms/azovstal/protocol/openid-connect/auth?…ml&state=
60%2F01fc2e79-6fc0-46b8-9f83-39b7421fedf9&login=true&scope=openid. No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8080' is therefore not allowed access.
I add in Keycloak admin console, in the client setting, Web Origins=
http://localhost:8080 (or *), and enabled cors in app, but still has error
in console. I used Keycloak 2.5.0
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user