[keycloak-user] Spring Boot with KeyCloak CORS problem on log out
Pavol Ozvalda
pavol.ozvalda at platomics.com
Tue Oct 22 11:16:17 EDT 2019
Hello, we used 6* and also 7* Keycloak with Java SpringBoot.
When our Angular front end calls Post request for "/logout" of our java app (which I think invalidate session), our app then calls Keycloak, which invalidate token, and redirects user using 302 http status to keycloak login page. Problem is, there is a CORS preflight call (Option) which blocks further (login screen) frontend call, even if I set Keycloak configuration properly (first * - for disabling - does not work, then "+" - for redirected url, even enumeration of all host/port combination of our backend java app). I can not get response from Keycloak to contain CORS headers.
So, once again in one sentence: There are no CORS headers from Keycloak, even Keycloak is configured properly for this.
In Spring boot i have:
keycloak.cors=true
keycloak.cors-max-age=1000
keycloak.cors-allowed-methods=POST,PUT,DELETE,GET
keycloak.cors-allowed-headers=ETag,Location
keycloak.cors-exposed-headers=Accept,Content-Type,If-Match,If-None-Match,Origin
Somebody described this problem here, but no response:
https://stackoverflow.com/questions/46220566/keycloak-cors-issue-when-being-redirected-to-login/46222250#46222250
Should I call logout in different way?
Thanks for da help.
More information about the keycloak-user
mailing list