Re: [keycloak-user] No 'Access-Control-Allow-Origin' header is present on the requested resource

Bill Burke <mailto:bburke@redhat.com> November 18, 2016 at 3:56 PM RHSSO is based on 1.9.8. Bill _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user James Falkner <mailto:jfalkner@redhat.com> November 17, 2016 at 5:50 PM Hey Grant - if it's a protected URL, and you've configured web origins correctly for the client, and the adapter, and the browser is sending the right stuff - then Keycloak adapter *should* add the CORS headers. I have a few demos I've created that work in this way, but they all use the official Red Hat SSO product, based on Keycloak 1.9.4. If you use "curl" with the same headers, does it fail too? See the end of http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html for an example of how to obtain a token and issue a request using curl. -James Grant Marrow <mailto:grantmarrow@gmail.com> November 16, 2016 at 3:51 PM Hi James Yes I have used the chrome and firefox postmaster addon to process the same HTTP GET request to my rest service. During this request I added the authorisation bearer header with a valid token and it still returned the same error. The only time it worked was when I stripped out keycloak completely and just added the standard cors configuration in my web.xml of my service worked successfully. That's why I'm leaning to the fact that it might be a keycloak error. Regards Grant James Falkner <mailto:jfalkner@redhat.com> November 16, 2016 at 3:39 PM In the developer console in your browser, can you verify that the proper Authorization header is being passed in the REST call? Something like 'Authorization: bearer <token>'. -James Grant Marrow <mailto:grantmarrow@gmail.com> November 16, 2016 at 3:22 PM I'm familiar with cors. I have used the exact same setup with versions 1.3, 1.4 and 1.9 version of keycloak. This problem has started since I upgraded to version 2.3 if keycloak. I have also tried adding the cors-enabled-headers and cors-enabled-methods properties to the keycloak.json file on my rest service application and that did not work as well. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user