[keycloak-user] KeyCloak Server and HTTP OPTIONS (JSF/Primefaces behind KC Adapter)
Raul Fechete
rfechete at grid-applications.com
Thu Mar 21 07:43:26 EDT 2019
Hello,
I'm trying to build what should be a trivial setup, but I'm having trouble getting to work properly.
I have a JSF Application running on JBoss EAP 7.2, secured by the KC Java Adapter. The initial login flow works perfectly fine (browser asks for website, adapter intercepts and redirects to KC, user logs in with KC and is being redirected back to the website).
Now, the JSF application often uses POST requests. If the user has been logged out (e.g. in KC directly), clicking anywhere on the website triggers a POST request to the application, which is being intercepted by the KC Adapter and redirected (302) to KC. This would be fine, but the problem is, the browser then performs a HTTP *OPTIONS* call to KC instead of HTTP GET, and the KC just returns 204 without any further information. I also noticed that the KC Server *always* replies with an empty 204 to a HTTP OPTIONS call, even if there is nothing else in the request.
Is there any way to configure the handling of the OPTIONS requests in KC? Alternatively, is it possible to configure the adapter to send a 303 and thereby force the browser to perform a GET request? Or am I doing something conceptually wrong?
Any help would be appreciated!
Thank you very much!
Cheers, Raul
More information about the keycloak-user
mailing list