[keycloak-user] CORS problems
sesnor.silva at sapo.pt
Tue May 23 09:03:40 EDT 2017
Hello,
I have protected a Java web application that's compiled in a WAR
package and accessible through a Tomcat 8 server. To do this I followed
the steps here:
https://keycloak.gitbooks.io/documentation/securing_apps/topics/oidc/java/tomcat-adapter.html
My Java Application is a RESTful API which can only be accessed by
authorized users that bear a token.
In Keycloak I configured my client (and keycloak.json) as follows:
{
  "realm": "MainDomain",
  "bearer-only": true,
  "auth-server-url": "http://<My Keycloak Server>:8081/auth",
  "ssl-required": "none",
  "resource": "main-domain-server"
}
If I have a valid token I can access the service fine through cURL
requests. However, using any browser (Firefox, Chrome, Opera, except
IE, which for some reason works) I can't access any resource through
AJAX as I get CORS problems:
"Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:3000' is therefore not allowed
access. The response had HTTP status code 401."
I searched around and found I should put "enable_cors": true in my
keycloak.json, however this causes the following CORS problem:
"The 'Access-Control-Allow-Origin' header contains multiple values
'http://localhost:3000, http://localhost:3000', but only one is
allowed. Origin 'http://localhost:3000' is therefore not allowed
access."
I think I'm out of ideas at the moment on what could be causing this.
Does anyone have any idea what could be wrong in my configuration?
My best regards,
Silva
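
Added example, not part of the original message: a JavaScript check that classifies a preflight response into the two browser errors quoted above, run over constructed sample responses. The names `checkPreflight` and `samples`, and the `WWW-Authenticate` value, are assumptions made for illustration.

```javascript
// Added example: judge a CORS preflight response roughly as a browser does.
// headers is an array of [name, value] pairs so repeated headers survive.
function checkPreflight(origin, status, headers) {
  const acao = headers
    .filter(([name]) => name.toLowerCase() === 'access-control-allow-origin')
    .map(([, value]) => value.trim());

  if (acao.length === 0) {
    // Preflight OPTIONS requests never carry the Authorization header, so a
    // bearer-token check that runs before CORS handling answers 401 here.
    const hint = status === 401
      ? 'OPTIONS was rejected by authentication before any CORS headers were added'
      : 'no component added CORS headers to the OPTIONS response';
    return { ok: false, reason: 'missing-allow-origin', hint };
  }
  // Repeated headers are combined into one comma-separated value.
  const combined = acao.join(', ');
  if (combined.includes(',')) {
    return { ok: false, reason: 'multiple-allow-origin',
             hint: `header value is "${combined}"; only one component may set it` };
  }
  if (combined !== '*' && combined !== origin) {
    return { ok: false, reason: 'origin-mismatch',
             hint: `allowed "${combined}", request came from "${origin}"` };
  }
  if (status < 200 || status > 299) {
    return { ok: false, reason: 'bad-status', hint: `preflight returned ${status}` };
  }
  return { ok: true, reason: 'allowed', hint: '' };
}

// Constructed sample responses modelled on the two browser errors in the post.
const ORIGIN = 'http://localhost:3000';
const samples = {
  withoutCors: { status: 401, headers: [['WWW-Authenticate', 'Bearer realm="MainDomain"']] },
  duplicated: { status: 200, headers: [
    ['Access-Control-Allow-Origin', ORIGIN],
    ['Access-Control-Allow-Origin', ORIGIN]] },
  fixed: { status: 200, headers: [['Access-Control-Allow-Origin', ORIGIN]] },
};

for (const [name, r] of Object.entries(samples)) {
  const verdict = checkPreflight(ORIGIN, r.status, r.headers);
  console.log(name, '->', verdict.reason, verdict.hint);
}
```

The header pairs can be copied from the raw response to the OPTIONS request as shown in the browser's network panel, which keeps duplicate header lines visible.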