CORS Issue RH-SSO (Keycloak) and JBoss EAP 7.1

I'm facing some problems with CORS when using rh-sso 7.1.

I'm using the following environment:

- JBoss EAP 7.1 with Resteasy in the backend -> localhost:8080/accountmovement/api
- ReactJS in the frontend -> localhost:3000
- RH-SSO -> localhost:8180

The JBoss EAP is using the Wildfly/EAP Adapter from Red Hat, with the configurations made on the standalone.xml file as a subsystem:

<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
  <secure-deployment name="accountmovement.war">
    <realm>demo</realm>
    <resource>accountmovement-backend</resource>
    <use-resource-role-mappings>true</use-resource-role-mappings>
    <public-client>true</public-client>
    <auth-server-url>http://localhost:8180/auth</auth-server-url>
    <ssl-required>EXTERNAL</ssl-required>
    <enable-cors>true</enable-cors>
  </secure-deployment>
</subsystem>

I already enabled the Web Origins to "*" in the RH-SSO Admin console for both of the clients I'm using.

In the frontend I'm building the Keycloak object with the following parameters:

const keycloak = Keycloak({
  "realm": "demo",
  "url": url+":8180/auth",
  "clientId":"accountmovement-front",
  "enable-cors": true,
  "cors-allowed-methods" : '*',
});

keycloak.init({onLoad: 'login-required'}).then(authenticated => {
  if(!authenticated){
    alert("not auth");
  }else{
    if(keycloak){
      this.setState({ 
        keycloak: keycloak, 
      })
    }
  }
})

The error I receive is the following:

Failed to load http://localhost:8080/accountmovement/api/accounts?_=1543522008489: Redirect from 'http://localhost:8080/accountmovement/api/accounts?_=1543522008489' to 'http://localhost:8180/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=accountmovement-backend&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Faccountmovement%2Fapi%2Faccounts?_%3D1543522008489&state=ce5ee16c-f5f7-4a9e-affd-3316c4fad78f&login=true&scope=openid' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.

Do you have any idea what I can do?

If you need more information just let me know!
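
Added example, not part of the original post: it parses the console error quoted above to show that the API answered the XHR with a redirect to the OIDC login endpoint, then builds the request with the keycloak-js access token. It assumes the call reached the backend without an Authorization header; `diagnoseCorsRedirect`, `bearerHeaders` and `getAccounts` are hypothetical helper names, and the sample error is a shortened copy of the one in the question.

```javascript
// Constructed sample input: the error from the question, query string shortened.
const SAMPLE_ERROR =
  "Failed to load http://localhost:8080/accountmovement/api/accounts: " +
  "Redirect from 'http://localhost:8080/accountmovement/api/accounts' to " +
  "'http://localhost:8180/auth/realms/demo/protocol/openid-connect/auth" +
  "?response_type=code&client_id=accountmovement-backend&scope=openid' " +
  "has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header " +
  "is present on the requested resource. Origin 'http://localhost:3000' is " +
  "therefore not allowed access.";

// Hypothetical helper: extract the redirect chain from a browser CORS error
// and report whether the API bounced the XHR to an OIDC login page.
function diagnoseCorsRedirect(message) {
  const m = /Redirect from '([^']+)' to '([^']+)'[\s\S]*Origin '([^']+)'/.exec(message);
  if (!m) return null;
  const from = new URL(m[1]);
  const to = new URL(m[2]);
  return {
    api: from.origin,
    idp: to.origin,
    pageOrigin: m[3],
    clientId: to.searchParams.get("client_id"),
    // The authorization endpoint is meant for top-level navigation, not XHR.
    loginRedirect: to.pathname.endsWith("/protocol/openid-connect/auth"),
  };
}

// Hypothetical helper: headers for an API call taken from a keycloak-js
// instance, so the backend receives a bearer token instead of an anonymous request.
function bearerHeaders(keycloak) {
  if (!keycloak || !keycloak.token) {
    throw new Error("no access token: call keycloak.init() first");
  }
  return { Authorization: "Bearer " + keycloak.token, Accept: "application/json" };
}

// Assumed call site in the React app: refresh the token if it expires within
// 30 seconds, then call the API with it.
function getAccounts(keycloak, fetchImpl = fetch) {
  return keycloak.updateToken(30).then(() =>
    fetchImpl("http://localhost:8080/accountmovement/api/accounts", {
      headers: bearerHeaders(keycloak),
    })
  );
}
```
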
