[keycloak-user] CORS error in Keycloak Admin REST API - Unable to create realms from React JS app

Vinay Matam vinay at dailykit.org
Tue Nov 19 09:55:56 EST 2019


Team,

Can someone please reply to my question ?
I am stuck with this issue for more than a week now.
Please help me with this.
Thank you!

On Fri, 15 Nov 2019, 7:12 pm , <keycloak-user-request at lists.jboss.org>
wrote:

> Send keycloak-user mailing list submissions to
>         keycloak-user at lists.jboss.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.jboss.org/mailman/listinfo/keycloak-user
> or, via email, send a message with subject or body 'help' to
>         keycloak-user-request at lists.jboss.org
>
> You can reach the person managing the list at
>         keycloak-user-owner at lists.jboss.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of keycloak-user digest..."
>
>
> Today's Topics:
>
>    1. Re: JBoss_Keycloak_"404 - Not Found" (Sushil Singh)
>    2. Re: Fw: Associating a REST api end point to multiple
>       resources in Keycloak in Policy Enforcer (Vishnu Prakash)
>    3. CORS error in Keycloak Admin REST API - Unable to create
>       realms from React JS app (Vinay Matam)
>    4. Re: [UMA] Access a protected resource by using a  link
>       (Pedro Igor Silva)
>    5. Re: JBoss_Keycloak_"404 - Not Found" (Naga Vijay)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 15 Nov 2019 10:08:37 +0000
> From: Sushil Singh <sushil.singh at guavus.com>
> Subject: Re: [keycloak-user] JBoss_Keycloak_"404 - Not Found"
> To: Naga Vijay <nagausb2 at gmail.com>, "keycloak-user at lists.jboss.org"
>         <keycloak-user at lists.jboss.org>, "keycloak-dev at lists.jboss.org"
>         <keycloak-dev at lists.jboss.org>
> Message-ID:
>         <
> HK2PR04MB38253C1ED2860727D495BEC8FB700 at HK2PR04MB3825.apcprd04.prod.outlook.com
> >
>
> Content-Type: text/plain; charset="us-ascii"
>
> I think , you might be countering an error while the war is deployed that
> is why it is giving 404
>
> You should identify the server logs first to identify what is failing
>
> Thanks
>
> Sushil
>
> ________________________________
> From: keycloak-user-bounces at lists.jboss.org <
> keycloak-user-bounces at lists.jboss.org> on behalf of Naga Vijay <
> nagausb2 at gmail.com>
> Sent: 13 November 2019 20:22
> To: keycloak-user at lists.jboss.org <keycloak-user at lists.jboss.org>;
> keycloak-dev at lists.jboss.org <keycloak-dev at lists.jboss.org>
> Subject: Re: [keycloak-user] JBoss_Keycloak_"404 - Not Found"
>
> As I haven't heard back from anyone, I have logged this -
> https://issues.jboss.org/browse/KEYCLOAK-12036
>
> Thanks
> Naga
>
> On Wed, Nov 13, 2019 at 5:43 AM Naga Vijay <nagausb2 at gmail.com> wrote:
>
> >
> > Hello,
> >
> > Did anyone get a chance to look into this? I am wondering whether I am
> > facing a bug. Keycloak realm, user, client definition are all in place.
> And
> > the adapter has been installed into JBoss EAP instance. Here's web.xml in
> > the hello.war ...
> >
> > <web-app xmlns="http://java.sun.com/xml/ns/javaee"
> >
> >          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >
> >          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> > http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
> >
> >          version="3.0">
> >
> >
> >
> >     <module-name>basicauth</module-name>
> >
> >
> >
> >     <security-constraint>
> >
> >         <web-resource-collection>
> >
> >             <url-pattern>/*</url-pattern>
> >
> >         </web-resource-collection>
> >
> >         <auth-constraint>
> >
> >             <role-name>*</role-name>
> >
> >         </auth-constraint>
> >
> >     </security-constraint>
> >
> >
> >
> >     <login-config>
> >
> >         <auth-method>KEYCLOAK</auth-method>
> >
> >         <realm-name>MyRealm</realm-name>
> >
> >     </login-config>
> >
> >
> >
> >     <security-role>
> >
> >         <role-name>*</role-name>
> >
> >     </security-role>
> > </web-app>
> >
> > And here's keycloak.json alongside web.xml ...
> >
> > {
> >
> >   "realm": "MyRealm",
> >
> >   "auth-server-url": "http://localhost:8180/auth",
> >
> >   "ssl-required": "external",
> >
> >   "resource": "dkc",
> >
> >   "public-client": true,
> >
> >   "confidential-port": 0,
> >
> >   "enable-cors" : true
> > }
> >
> > http://localhost:8080/hello gives "404 - Not Found" instead of showing
> > keycloak login page.
> >
> > What am I missing?
> >
> > Thanks
> > Naga
> >
> > On Tue, Nov 12, 2019 at 9:24 PM Naga Vijay <nagausb2 at gmail.com> wrote:
> >
> >>
> >> (+) keycloak-dev
> >>
> >> On Tue, Nov 12, 2019 at 7:56 PM Naga Vijay <nagausb2 at gmail.com> wrote:
> >>
> >>>
> >>> Hello,
> >>>
> >>> Can someone help me with this?
> >>>
> >>> ==============
> >>> Environment -
> >>> ==============
> >>>
> >>> 1. OS - Mac OS X
> >>> 2. JBoss EAP 7.1
> >>>
> >>> 3. Keycloak 7.0.1
> >>>
> >>> ==============
> >>> Issue -
> >>> ==============
> >>>
> >>> . Getting "404 - Not Found" for a simple hello.war (with KEYCLOAK as
> the
> >>> auth-method in its web.xml) when accessing http://localhost:8080/hello
> >>>
> >>> ==============
> >>> Attachments -
> >>> ==============
> >>>
> >>>    1. kc.json - export dump of keycloak database/configuration
> >>>    2. hello.war - the simple war tested with
> >>>
> >>> Let me know if you need any other info.
> >>>
> >>> Thanks
> >>>
> >>> Naga
> >>>
> >>>
> >>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 15 Nov 2019 16:01:14 +0530
> From: Vishnu Prakash <vishnuprakash323 at gmail.com>
> Subject: Re: [keycloak-user] Fw: Associating a REST api end point to
>         multiple resources in Keycloak in Policy Enforcer
> To: Sushil Singh <sushil.singh at guavus.com>
> Cc: "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
> Message-ID:
>         <
> CAPLmjegvQ2h1FdKDBtj1bP_TiH17cjPXxvVozMsZw9Q9WxnDgw at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Dear Sushil,
>
> Thank you for your valuable response.
>
> Vishnu Prakash
>
> On Fri, Nov 15, 2019 at 3:19 PM Sushil Singh <sushil.singh at guavus.com>
> wrote:
>
> >
> >
> > ________________________________
> > From: Sushil Singh <sushil.singh at guavus.com>
> > Sent: 15 November 2019 15:14
> > To: Vishnu Prakash <vishnuprakash323 at gmail.com>; Pedro Igor Silva <
> > psilva at redhat.com>; Stian Thorgersen <sthorger at redhat.com>
> > Subject: Re: [keycloak-user] Associating a REST api end point to multiple
> > resources in Keycloak in Policy Enforcer
> >
> > Hi,
> >
> > I think the use case is similar to what I am proposing
> >
> > @Vishnu Prakash<mailto:vishnuprakash323 at gmail.com>
> >
> > I have also proposed to impose custom policy-enforcement on a set of
> > resources.
> >
> > https://github.com/keycloak/keycloak/pull/6448
> > [
> >
> https://repository-images.githubusercontent.com/11125589/bd31cf00-70f4-11e9-9fb2-4f241568e586
> > ]<https://github.com/keycloak/keycloak/pull/6448>
> > KEYCLOAK-11300 : Creating CustomEnforcer functionality for spring
> adapters
> > by sushil-singh-guavus ? Pull Request #6448 ? keycloak/keycloak<
> > https://github.com/keycloak/keycloak/pull/6448>
> > KEYCLOAK-11300 : Creating CustomEnforcer functionality for spring
> adapters
> > https://issues.jboss.org/browse/KEYCLOAK-11300
> > github.com <https://issues.jboss.org/browse/KEYCLOAK-11300github.com>
> >
> >
> > Where user can specify a Map<Resource, Set<scopes>> and it will evaluate
> > to a positive result only if it satisfies permission for all resources in
> > the Map
> >
> > Currently I don't think this functionality is available in keycloak
> >
> > Thanks,
> >
> > Sushil
> > ________________________________
> > From: keycloak-user-bounces at lists.jboss.org <
> > keycloak-user-bounces at lists.jboss.org> on behalf of Vishnu Prakash <
> > vishnuprakash323 at gmail.com>
> > Sent: 15 November 2019 10:01
> > To: keycloak-user <keycloak-user at lists.jboss.org>
> > Subject: [keycloak-user] Associating a REST api end point to multiple
> > resources in Keycloak in Policy Enforcer
> >
> > Hi,
> > I want to protect my REST api's using Keycloak. I am deploying my
> > application in Wildfly application server and using keyclaok wildfly
> > adapters.
> > Is it possible to associate a REST api end point to multiple resources in
> > keycloak using the Policy Enforcer. If the user is having permission to
> > access all the associated resources, then only access should be granted
> to
> > the api.
> >
> > Any input will be a great help to me.
> >
> > Thanks & Regards,
> > Vishnu Prakash
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 15 Nov 2019 18:12:11 +0530
> From: Vinay Matam <vinay at dailykit.org>
> Subject: [keycloak-user] CORS error in Keycloak Admin REST API -
>         Unable to create realms from React JS app
> To: keycloak-user at lists.jboss.org
> Message-ID:
>         <CADNoEv8cyfuaHMg=RLqSvzm=9_HGPUg=
> mNCwpHBD_sRDFN2sHQ at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi,
> I need help with a situation.
> We are trying to create new realms in Keycloak dynamically from a ReactJS
> based application with the help of the Keycloak Admin Rest API. Here's what
> we have done so far:
>
> Created a client in the master realm, "realm-creator", type = confidential,
> Service Accounts Enabled = true, Scope = admin & create-realm selected,
> Service Account Roles = create-realm.
>
> I then fetch an access token of the above client using the grant_type =
> client_credentials, Authorization = BASIC and using the client id and
> client secret as username and password. I am successfully getting the
> access token.
>
> Now, as a next step, I am using this access token to create new realms by
> calling the Admin REST API endpoint to create new realm,
> https://<keycloakserver>/auth/admin/realms
> Authorization: Bearer <accesstoken> // Access token generated from the
> above step using "realm-creator" client
> and sending the JSON body representation of the realm representation.
>
> Now, everything is working fine as expected when I test this from postman.
> Realm is getting created successfully.
>
> But when I try to implement this from a ReactJS app, I am getting a CORS
> error.
> For clients, we have an option of "Web Origins" and we can configure a "*"
> or the URL we want, to solve the CORS issue. But here the client
> "realm-creator" does not have "Standard Flow" Enabled and I am not seeing
> the option of "WebOrigins".
>
> Where should I configure the CORS setting for the Keycloak Admin REST API
> to avoid CORS error ?
> Please help.
>
> Thank you!
>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 15 Nov 2019 09:44:03 -0300
> From: Pedro Igor Silva <psilva at redhat.com>
> Subject: Re: [keycloak-user] [UMA] Access a protected resource by
>         using a link
> To: Fernando Mayoral <fernando.mayoral at practiv.com>
> Cc: keycloak-user <keycloak-user at lists.jboss.org>
> Message-ID:
>         <CAJrcDBdLQeqP=
> r7-PgpJ06DQB5Y4xwk1y1qmxyUq-nn4jnbVXA at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> What type of application we are talking about? A single monolithic or
> separated apps for frontend and backend ? Asking because you could just
> resume the workflow after the user authenticate again and is redirected
> back to your app ...
>
> AFAIK, there is nothing you could use OOTB but maybe implementing some
> custom authenticator. Even with a custom authenticator, the fact that you
> are automatically re-authenticating the user based on some form of code
> sent to an email may be risky ...
>
>
> On Thu, Nov 14, 2019 at 6:37 PM Fernando Mayoral <
> fernando.mayoral at practiv.com> wrote:
>
> > Yes, they leave the application and their keycloak session expires.
> > So then we want to send them a link for them to get a new session with
> > their user and get redirected to the order they didn't complete.
> > For example, a product is a bank account application:
> > They start filling the forms and early on they are asked for email.
> > But they never finish and submit the form, or maybe they leave the tab
> > open and forget so the session expires, so we send them an email to
> remind
> > them with a link to get authenticated and redirected back to an arbitrary
> > url.
> >
> > On Fri, Nov 15, 2019 at 2:47 AM Pedro Igor Silva <psilva at redhat.com>
> > wrote:
> >
> >> Hi,
> >>
> >> When the user "drops" from the system you mean a logout (ending the user
> >> session in Keycloak) ?
> >>
> >> On Thu, Nov 14, 2019 at 1:53 AM Fernando Mayoral <
> >> fernando.mayoral at practiv.com> wrote:
> >>
> >>> Hello!
> >>>
> >>> We have a product on which we create a protected resource (called
> orders)
> >>> in keycloak and we secure access to it by using a UMA as described by
> uma
> >>> authorization process
> >>> <
> >>>
> https://www.keycloak.org/docs/7.0/authorization_services/#_service_uma_authorization_process
> >>> >
> >>> .
> >>>
> >>> When the user drops from the system before they submit their order
> (i.e.
> >>> the order is incomplete) we want to be able to send them an email with
> a
> >>> link to the user so they?ll be able to get automatically authenticated
> >>> and
> >>> authorized so they can continue working on this protected resource.
> >>>
> >>> Does keycloak provide this kind of functionality out of the box?
> >>> (i.e. given a link with some sort of long-lived token, get
> authenticated
> >>> with keycloak and redirected to some arbitrary url)
> >>> Is there any recommended way to approach this?
> >>>
> >>> any hints would be greatly appreciated.
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >>
>
>
> ------------------------------
>
> Message: 5
> Date: Fri, 15 Nov 2019 05:40:13 -0800
> From: Naga Vijay <nagausb2 at gmail.com>
> Subject: Re: [keycloak-user] JBoss_Keycloak_"404 - Not Found"
> To: Sushil Singh <sushil.singh at guavus.com>
> Cc: "keycloak-dev at lists.jboss.org" <keycloak-dev at lists.jboss.org>,
>         "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
> Message-ID:
>         <
> CAGdFQvwHpHjaUYb-bneHx1gW7LJA3MTQTNg6QLm1tKERfdNKDw at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> The hello.war is properly deployed. I see the hello.war.deployed file in
> standalone/deployments.
>
> Thanks
> Naga
>
>
> On Fri, Nov 15, 2019 at 2:08 AM Sushil Singh <sushil.singh at guavus.com>
> wrote:
>
> > I think , you might be countering an error while the war is deployed that
> > is why it is giving 404
> >
> > You should identify the server logs first to identify what is failing
> >
> > Thanks
> >
> > Sushil
> >
> > ------------------------------
> > *From:* keycloak-user-bounces at lists.jboss.org <
> > keycloak-user-bounces at lists.jboss.org> on behalf of Naga Vijay <
> > nagausb2 at gmail.com>
> > *Sent:* 13 November 2019 20:22
> > *To:* keycloak-user at lists.jboss.org <keycloak-user at lists.jboss.org>;
> > keycloak-dev at lists.jboss.org <keycloak-dev at lists.jboss.org>
> > *Subject:* Re: [keycloak-user] JBoss_Keycloak_"404 - Not Found"
> >
> > As I haven't heard back from anyone, I have logged this -
> > https://issues.jboss.org/browse/KEYCLOAK-12036
> >
> > Thanks
> > Naga
> >
> > On Wed, Nov 13, 2019 at 5:43 AM Naga Vijay <nagausb2 at gmail.com> wrote:
> >
> > >
> > > Hello,
> > >
> > > Did anyone get a chance to look into this? I am wondering whether I am
> > > facing a bug. Keycloak realm, user, client definition are all in place.
> > And
> > > the adapter has been installed into JBoss EAP instance. Here's web.xml
> in
> > > the hello.war ...
> > >
> > > <web-app xmlns="http://java.sun.com/xml/ns/javaee"
> > >
> > >          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > >
> > >          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> > > http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
> > >
> > >          version="3.0">
> > >
> > >
> > >
> > >     <module-name>basicauth</module-name>
> > >
> > >
> > >
> > >     <security-constraint>
> > >
> > >         <web-resource-collection>
> > >
> > >             <url-pattern>/*</url-pattern>
> > >
> > >         </web-resource-collection>
> > >
> > >         <auth-constraint>
> > >
> > >             <role-name>*</role-name>
> > >
> > >         </auth-constraint>
> > >
> > >     </security-constraint>
> > >
> > >
> > >
> > >     <login-config>
> > >
> > >         <auth-method>KEYCLOAK</auth-method>
> > >
> > >         <realm-name>MyRealm</realm-name>
> > >
> > >     </login-config>
> > >
> > >
> > >
> > >     <security-role>
> > >
> > >         <role-name>*</role-name>
> > >
> > >     </security-role>
> > > </web-app>
> > >
> > > And here's keycloak.json alongside web.xml ...
> > >
> > > {
> > >
> > >   "realm": "MyRealm",
> > >
> > >   "auth-server-url": "http://localhost:8180/auth",
> > >
> > >   "ssl-required": "external",
> > >
> > >   "resource": "dkc",
> > >
> > >   "public-client": true,
> > >
> > >   "confidential-port": 0,
> > >
> > >   "enable-cors" : true
> > > }
> > >
> > > http://localhost:8080/hello gives "404 - Not Found" instead of showing
> > > keycloak login page.
> > >
> > > What am I missing?
> > >
> > > Thanks
> > > Naga
> > >
> > > On Tue, Nov 12, 2019 at 9:24 PM Naga Vijay <nagausb2 at gmail.com> wrote:
> > >
> > >>
> > >> (+) keycloak-dev
> > >>
> > >> On Tue, Nov 12, 2019 at 7:56 PM Naga Vijay <nagausb2 at gmail.com>
> wrote:
> > >>
> > >>>
> > >>> Hello,
> > >>>
> > >>> Can someone help me with this?
> > >>>
> > >>> ==============
> > >>> Environment -
> > >>> ==============
> > >>>
> > >>> 1. OS - Mac OS X
> > >>> 2. JBoss EAP 7.1
> > >>>
> > >>> 3. Keycloak 7.0.1
> > >>>
> > >>> ==============
> > >>> Issue -
> > >>> ==============
> > >>>
> > >>> . Getting "404 - Not Found" for a simple hello.war (with KEYCLOAK as
> > the
> > >>> auth-method in its web.xml) when accessing
> http://localhost:8080/hello
> > >>>
> > >>> ==============
> > >>> Attachments -
> > >>> ==============
> > >>>
> > >>>    1. kc.json - export dump of keycloak database/configuration
> > >>>    2. hello.war - the simple war tested with
> > >>>
> > >>> Let me know if you need any other info.
> > >>>
> > >>> Thanks
> > >>>
> > >>> Naga
> > >>>
> > >>>
> > >>>
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
>
> ------------------------------
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> End of keycloak-user Digest, Vol 71, Issue 24
> *********************************************
>


More information about the keycloak-user mailing list