7:55 a.m.
Hi,
We are using keycloak as a SAML2 IdP for a web application (SOGo).
Logging on works fine, however, after a while SOGo stops working.
I asked SOGo support to take a look at this, and they told me: "You'll
need to enable CORS headers on our IdP keycloak.ourcompany.com so I can
continue the debugging. The redirect is currently blocked for this reason."
I cannot find any keycloak toggle that would enable CORS headers. Could
anyone tell me how to do this..?
MJ
10:28 a.m.
Hi,
I have read some more, but would still some feedback from the experts
here. :-) Here's what I think I learned:
We are using apache as a proxy in front of keycloak, configured like this:
ProxyPreserveHost On
ProxyVia Off
ProxyRequests Off
ProxyPass / "http://localhost:8080/"
ProxyPassReverse / "http://localhost:8080/"
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
After reading https://awesometoast.com/cors/ and
http://enable-cors.org/server_apache.html it seems I have to add CORS
headers in apache config, so I added:
Header always set Access-Control-Allow-Origin "*"
The "*" in this line feels like opening a large security hole...
But any comments on the above?
MJ
On 17-4-2018 14:55, lists wrote:
Hi,
We are using keycloak as a SAML2 IdP for a web application (SOGo).
Logging on works fine, however, after a while SOGo stops working.
I asked SOGo support to take a look at this, and they told me: "You'll
need to enable CORS headers on our IdP keycloak.ourcompany.com so I can
continue the debugging. The redirect is currently blocked for this reason."
I cannot find any keycloak toggle that would enable CORS headers. Could
anyone tell me how to do this..?
MJ
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2456
days inactive
2456
days old
1 comments
1 participants
participants (1)
-
lists