[keycloak-user] Enable CORS

Tero Ahonen Tero.Ahonen at cybercom.com
Tue Nov 10 04:45:18 EST 2015


I’m have a same king of test page. Single html page that gets token from keycloak and then access resource secured also with keycloak (bearer only). I use keycloak javascript client and that handles CORS stuff nice and smooth. In your case if realms client web origin settings are ok, it should work. Have u used Firebug etc. to check does your client make OPTIONS request for CORS ?

.t
On 10 Nov 2015, at 11:38 AM, Revanth Ayalasomayajula <revanth at arvindinternet.com<mailto:revanth at arvindinternet.com>> wrote:

Hi

Here is my case. I don't have an keycloak.json. I just have a single html page, locally that makes an ajax call to a confidential application behind keycloak to get a html page. So now i am redirected to another url and then to a keycloak login Url. On requesting this url, it gives me a CORS error. In the web origins of the confidential app i am trying to access, i have added my local url. Is this supposed to work or am i to add the url else where also??

Thanks.

On Tue, Nov 10, 2015 at 2:52 PM, Tero Ahonen <Tero.Ahonen at cybercom.com<mailto:Tero.Ahonen at cybercom.com>> wrote:
Hi,

I’m very new to with keycloak, but I think that u always have to define client in the keycloak config. in keycloak.json client is defined in field resource

.t

On 10 Nov 2015, at 11:11 AM, Revanth Ayalasomayajula <revanth at arvindinternet.com<mailto:revanth at arvindinternet.com>> wrote:

Hi,

Thanks for the quick reply. I wanted to know, as i am requesting the login page of keycloak for a particular realm, which client in that realm should i add this web origins to??

Thanks.

On Tue, Nov 10, 2015 at 2:37 PM, Tero Ahonen <Tero.Ahonen at cybercom.com<mailto:Tero.Ahonen at cybercom.com>> wrote:
At least this worked for me, using laters version.

Enable cors in the client by setting enable-cors field to client app's keycloak.json (if u are using one)

    "enable-cors": true,


Then from admin console set realm’s client settings Web Origins setting to match your origins.

.t
> On 10 Nov 2015, at 11:01 AM, Revanth Ayalasomayajula <revanth at arvindinternet.com<mailto:revanth at arvindinternet.com>> wrote:
>
> Hi,
>
> I am using keycloak1.5.0 to secure a few of my applications and i want to request the keycloak's Login page from an ajax call. It is currently giving me a CORS error. So i wanted to know how do i enable CORS support or add my URL to allowed set??
>
> Thanks.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151110/1965f9bc/attachment-0001.html 


More information about the keycloak-user mailing list