[keycloak-user] CORS Headers not present on OPTIONS request

cedric@couralet.eu cedric at couralet.eu
Wed Jul 24 01:43:07 EDT 2019


Hello,

On Tuesday, July 23, 2019 22:44 CEST, David Leonard <David.Leonard at flexential.com> wrote:
 
> Hello everyone,
> 
> We're running a Keycloak 6.0.1 cluster running in kubernetes, and we're
> running into issues with CORS requests by Kibana as a part of
> refreshing the access token. Here is the situation
> 
> 1. User logs into the SP and is able to successfully authenticate.
> 2. The user's token expires in the background.
> 3. The SP notices this expired token, and attempts to refresh the token
> starting to issue an auth request to Keycloak. It issues an 'OPTIONS'
> request to determine what it can perform, and this request is missing
> headers..

I may have missed something, but I don't understand this. 

As I see it, there are two options when a token expires:
- try to refresh it with the refresh token you got (on the /protocol/openid-connect/token endpoint, which should provide the correct CORS headers)
- if that fails, redirect the user through the authentication (so no request by the JavaScript, only a redirect, no CORS involved)

What do you use to manage authentication in Kibana?

Cédric
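
The two options from the reply above, as an added example that is not part of the original thread and not Keycloak's or Kibana's own code. The realm URL, the client id `kibana-ui`, the redirect URI and the `/protocol/openid-connect/auth` path are assumptions not taken from the thread, a public client is assumed, and `triggersPreflight` is a simplified version of the browser's rule for when an OPTIONS preflight is sent.

```javascript
// Added example. REALM, client id and redirect URI are constructed placeholders;
// a public client (no client secret) is assumed.
const REALM = "https://keycloak.example.test/auth/realms/demo";

// Option 1: refresh-token grant sent to the token endpoint named in the reply.
function buildRefreshRequest(realm, clientId, refreshToken) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    client_id: clientId,
    refresh_token: refreshToken,
  });
  return {
    url: `${realm}/protocol/openid-connect/token`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// Simplified form of the browser's rule: would this request cause an OPTIONS preflight?
function triggersPreflight(init) {
  const simpleTypes = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
  const safelisted = ["accept", "accept-language", "content-language", "content-type"];
  if (!["GET", "HEAD", "POST"].includes(init.method.toUpperCase())) return true;
  return Object.entries(init.headers || {}).some(([name, value]) => {
    const n = name.toLowerCase();
    if (!safelisted.includes(n)) return true; // e.g. Authorization
    return n === "content-type" && !simpleTypes.includes(value.split(";")[0].trim().toLowerCase());
  });
}

// Option 2: top-level navigation to the authorization endpoint (no XHR/fetch, so no CORS).
function buildLoginRedirect(realm, clientId, redirectUri, state) {
  const q = new URLSearchParams({
    response_type: "code", scope: "openid",
    client_id: clientId, redirect_uri: redirectUri, state,
  });
  return `${realm}/protocol/openid-connect/auth?${q}`;
}

// Try option 1; on a non-2xx answer or a network/CORS failure fall back to option 2.
async function refreshOrRedirect(fetchImpl, realm, clientId, refreshToken, redirectUri, state) {
  const { url, init } = buildRefreshRequest(realm, clientId, refreshToken);
  let res;
  try { res = await fetchImpl(url, init); } catch { res = { ok: false }; }
  if (res.ok) return { action: "use_tokens", tokens: await res.json() };
  return { action: "redirect", location: buildLoginRedirect(realm, clientId, redirectUri, state) };
}
```

In a browser, pass `fetch` as `fetchImpl` and navigate to `location` when the action is `redirect`; `state` should be a fresh random value per login attempt.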



