[keycloak-user] Resolution for 99% of CORS's problems

Karol Buler K.Buler at adbglobal.com
Tue Sep 26 04:01:43 EDT 2017


I had exactly the same problem with "Access-Control-Allow-Origin" and my 
solution resolved this. Which version of KC do you have? I'm using 
3.2.1.Final for now and didn't check on other versions.

In other hand what do you type into Web Origins? '*' or 
'https://135.112.123.183' ?


On 25.09.2017 20:43, shimin q wrote:
> Thanks for posting your solution, Karol.  I have been having trouble 
> with Keycloak CORS also.  I followed your suggestion:
>
> 1 - set client Web Origins
> 2 - in Keycloak.json, added "enable-cors": true
>
> /usr/share/tomcat/webapps/main/WEB-INF]-bash-$  cat keycloak.json
> {
>       "realm": "rtna",
>         "realm-public-key": 
> "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvJlVZqi8KaZDZVPPl29y/nnPBHaPvH+NoG71w6BMDwIImw6vkNlO3CSr+kRAyLnpnP/9248gEZx6YwqEKwE4Oy5R6wuuxwOd2FdpYFM2wDw5zhF7U4oYy0WK1m31/hQdLGnpKtDdGReEwdkMOMtG655Nnqw8WdtmF3S2XcEm2t0gaNoYycd6gl4670nRqx6bRxs6UndERHZmHfkzLcL71RflgO1cyuOqMsjMb7oWIDy5bkE4ddB69TAbrpXVzLvwG1OIaM/XdfXOZIaIAajfacP3Vk8bZFa9eAsh5BVaeGzlqktsdk1JjbV0a14OVXQcCRusnV2wE+zSZhPNxhfFwIDAQAB",
>           "auth-server-url": "https://135.112.123.194:8666/auth",
>             "ssl-required": "external",
>               "resource": "main",
>                 "public-client": true,
>                 "enable-cors": true
> }
>
> I am still getting error:
>
> 135.112.123.183/:1 XMLHttpRequest cannot load 
> https://135.112.123.194:8666/auth/realms/rtna/protocol/openid-connect/token. 
> No 'Access-Control-Allow-Origin' header is present on the requested 
> resource. Origin 'https://135.112.123.183' is therefore not allowed 
> access.
>
> I also tried to add request header in 
>  /opt/sso/keycloak/standalone/configuration/standalone.xml, not 
> working either.
>
>   * If standalone.xml has <response-header
>     name="Access-Control-Allow-Origin"
>     header-name="Access-Control-Allow-Origin" header-value="*"/>:
>
> I get the error:(index):82 keycloakinit done......
>
> (index):1 XMLHttpRequest cannot load 
> https://135.112.123.194:8666/auth/realms/rtna/protocol/openid-connect/token. 
> The value of the 'Access-Control-Allow-Origin' header in the response 
> must not be the wildcard '*' when the request's credentials mode is 
> 'include'. Origin 'https://135.112.123.183' is therefore not allowed 
> access. The credentials mode of requests initiated by the 
> XMLHttpRequest is controlled by the withCredentials attribute.
>
> Is there anything I am missing?  Any idea how to make it work would be 
> appreciated!!
>
>
>
>
>
>
>
>
>
>
> On Wednesday, September 20, 2017, 4:14:00 AM EDT, Karol Buler 
> <K.Buler at adbglobal.com> wrote:
>
>
> Hi,
>
> after huge amounts of hours of investigations I found the resolution 
> for almost all problems with CORS. I decided that maybe I am not alone 
> with it, so here you go:
>
> 1. Go to admin console of Keycloak and set 'Web Origins' of your 
> client to address of your application (or just * ).
>
> 2. In your application.properties (keycloak.json) set keycloak.cors = 
> true (don't know the name of this property in keycloak.json).
>
> 3. Thats it! Only 2 steps resolves almost all my problems with CORS in 
> our applications.
>
> Best regards,
> Karol
>
> [https://www.adbglobal.com/wp-content/uploads/adb.png]
> adbglobal.com<https://www.adbglobal.com>
> [https://www.adbglobal.com/wp-content/uploads/linkedin_logo.png]<https://www.linkedin.com/company-beta/162280/> 
>       [https://www.adbglobal.com/wp-content/uploads/twitter_logo.png] 
> <https://twitter.com/adb_global>       
> [https://www.adbglobal.com/wp-content/uploads/pinterest_logo.png] 
> <https://pinterest.com/adbglobal/pins/>
> [https://www.adbglobal.com/wp-content/uploads/ComeJoin.jpg]<https://www.adbglobal.com/meet-us-at-ibc2017/>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list