[keycloak-user] No 'Access-Control-Allow-Origin' header is present on the requested resource

Chris Savory chris.savory at edlogics.com
Thu Nov 17 11:35:00 EST 2016


Sounds like our app is configured a bit differently than yours. We have a Filter installed that adds these CORS headers to the response and it’s been there since before we integrated with Keycloak. Hence, we don’t need to rely on Keycloak to add them for us.

--
Christopher Savory
Software Engineer | EdLogics
www.edlogics.com
 



From: Grant Marrow <grantmarrow at gmail.com>
Date: Wednesday, November 16, 2016 at 2:51 PM
To: James Falkner <jfalkner at redhat.com>
Cc: "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>, Chris Savory <chris.savory at edlogics.com>
Subject: Re: [keycloak-user] No 'Access-Control-Allow-Origin' header is present on the requested resource

Hi James,

Yes, I have used the Chrome and Firefox postmaster addon to process the same HTTP GET request to my REST service. During this request I added the authorisation bearer header with a valid token and it still returned the same error.

The only time it worked was when I stripped out Keycloak completely and just added the standard CORS configuration in the web.xml of my service. That's why I'm leaning to the fact that it might be a Keycloak error.

Regards
Grant

On 16 Nov 2016 21:39, "James Falkner" <jfalkner at redhat.com> wrote:
In the developer console in your browser, can you verify that the proper Authorization header is being passed in the REST call? Something like 'Authorization: bearer <token>'.

-James


Grant Marrow
November 16, 2016 at 2:22 PM
I'm familiar with CORS. I have used the exact same setup with versions 1.3,
1.4 and 1.9 of Keycloak. This problem has started since I upgraded
to version 2.3 of Keycloak.

I have also tried adding the cors-enabled-headers and cors-enabled-methods
properties to the keycloak.json file on my rest service application and
that did not work as well.
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Chris Savory
November 16, 2016 at 2:11 PM
This doesn’t appear to be Keycloak related at all. This is just CORS errors on your API. 

Try reading up here for some more background. https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

But in short, what you need to do is have your API respond with a couple of headers; primarily the 'Access-Control-Allow-Origin' header so the browser knows that XHR calls to the domain http://localhost:8081 are allowed to be called from pages that are served off of the domain http://localhost:9000

From: Grant Marrow <grantmarrow at gmail.com>
Date: Wednesday, November 16, 2016 at 2:07 PM
To: Chris Savory <chris.savory at edlogics.com>, "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] No 'Access-Control-Allow-Origin' header is present on the requested resource

Ok, below is a step by step of events:
1. User navigates to web application at http://localhost:9000
2. User clicks the sign in button at http://localhost:9000/login
3. User is redirected to Keycloak at http://localhost:8080 to login
4. Once signed in the user is redirected to http://localhost:9000
5. Authenticated user navigates to registrations page at http://localhost:9000/registrations. During this step an HTTP GET request is done to http://localhost:8081/leap-service/resouces/private/registrations.

At the above step the error occurs. Please let me know if you need more information. Thanks

Regards
Grant

On 16 Nov 2016 20:26, "Grant Marrow" <grantmarrow at gmail.com> wrote:
Hi Chris

Thanks for getting back to me. I have done that and it didn't work. I have also tried adding *. That did not work as well. What else can I try?
Please let me know. Thanks

Regards
Grant

On 16 Nov 2016 20:15, "Chris Savory" <chris.savory at edlogics.com> wrote:
In the admin, click on Clients, then select your client.  Do you have any values for “Web Origins” there?  If not, you need to add ‘http://localhost:9000’

On 11/16/16, 1:08 PM, "keycloak-user-bounces at lists.jboss.org on behalf of Grant Marrow" <keycloak-user-bounces at lists.jboss.org on behalf of grantmarrow at gmail.com> wrote:

    Hi,

    I really need some help. I keep on getting the following error:


    *No 'Access-Control-Allow-Origin' header is present on the requested
    resource. Origin 'http://localhost:9000' is therefore not allowed access.
    The response had HTTP status code 500.*

    This is my setup:

    *Front End:*
    - angular 1.5 web application running at http://localhost:9000
    - client configuration on keycloak admin console:
    - keycloak.json:

    {
      "realm": "leap",
      "auth-server-url": "http://localhost:8080/auth",
      "ssl-required": "external",
      "resource": "leap-web",
      "public-client": true
    }


    *Auth Server*
    - keycloak version 2.30Final running at http://localhost:8080

    *Web service*
    - java REST service running on Tomcat version 8.5
    - client config on keycloak admin console:
    - web.xml of rest service:

    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
             id="WebApp_ID" version="3.0">
      <display-name>Archetype Created Web Application</display-name>
      <module-name>leap-service</module-name>

      <listener>
        <listener-class>com.hm.leap.service.init.ContextListener</listener-class>
      </listener>

      <context-param>
        <param-name>persistentUnit</param-name>
        <param-value>leap</param-value>
      </context-param>

      <!-- Everything under /resources/private/ requires the "user" role -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Leap-Service</web-resource-name>
          <url-pattern>/resources/private/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>user</role-name>
        </auth-constraint>
      </security-constraint>

      <!-- Authentication is delegated to the Keycloak adapter -->
      <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>leap</realm-name>
      </login-config>

      <security-role>
        <role-name>user</role-name>
      </security-role>
    </web-app>

    - I also have the valve set up in my context.xml that lives in the META-INF
    directory:

    <Context path="/leap-service">
      <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
    </Context>

    - keycloak.json:

    {
      "realm": "leap",
      "bearer-only": true,
      "auth-server-url": "http://localhost:8080/auth",
      "ssl-required": "external",
      "resource": "leap-service",
      "enable-cors": true
    }

    The error occurs in the following scenario:
    - The angular web app launches, the user clicks the login button which
    redirects to Keycloak. The user signs in. The user then tries to navigate to
    another page. This page then executes a GET request on my REST service
    which returns a list which is displayed in a table. But while executing the
    GET request, I receive the error:

    *No 'Access-Control-Allow-Origin' header is present on the requested
    resource. Origin 'http://localhost:9000' is therefore not allowed access.
    The response had HTTP status code 500.*

    In my Tomcat log file, I see the following warning message:


    *11-Nov-2016 11:28:19.464 WARNING [http-nio-8081-exec-2]
    org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No
    login page was defined for FORM authentication in context [/leap-service]*

    I really can't seem to pinpoint the error. I find it quite strange because
    I have the same setup but using an older version of keycloak (1.9*), which
    worked fine. I know this might be a silly problem, but if you have some
    time to help me, I would really appreciate it. Thanks.

    Regards
    Grant
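
Added example, not code from the thread or from Keycloak: one way to write the kind of servlet Filter Chris describes, which adds the CORS headers the API must return. The class name `CorsAllowlistFilter`, the `/*` mapping and the allowlist holding only http://localhost:9000 are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter for the REST service; name, mapping and allowlist are assumptions.
@WebFilter("/*")
public class CorsAllowlistFilter implements Filter {
    // Assumed allowlist: only the Angular front end from the thread.
    private static final Set<String> ALLOWED_ORIGINS =
            new HashSet<>(Arrays.asList("http://localhost:9000"));

    @Override public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String origin = request.getHeader("Origin");
        // The response depends on Origin, so caches must not share it across origins.
        response.addHeader("Vary", "Origin");

        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            // Echo the exact allowlisted origin instead of answering with "*".
            response.setHeader("Access-Control-Allow-Origin", origin);
            boolean preflight = "OPTIONS".equalsIgnoreCase(request.getMethod())
                    && request.getHeader("Access-Control-Request-Method") != null;
            if (preflight) {
                // Preflight requests carry no bearer token; answer them here.
                response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
                response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
                response.setHeader("Access-Control-Max-Age", "600");
                response.setStatus(HttpServletResponse.SC_NO_CONTENT);
                return;
            }
        }
        // Origins not on the allowlist get no CORS headers, so the browser blocks the read.
        chain.doFilter(req, res);
    }

    @Override public void destroy() { }
}
```

In Tomcat, an authenticator valve enforcing a `<security-constraint>` runs before servlet filters, so a filter like this only sees requests the valve has already let through.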