Keycloak / KEYCLOAK-11797

KeyCloak CORS problem on log out for further login page redirect

    Details

    • Steps to Reproduce:
      1. Have a standalone Keycloak server
      2. Have a Spring Boot app running using the Keycloak integration
      3. Call the app's logout endpoint from Angular (I guess Spring-boot-keycloak adds "/logout" and handles it itself)
      4. The final 302 call from the Angular FE will get a CORS problem

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Hello, we used Keycloak with a Java Spring Boot app server.

      When our Angular front end sends a POST request (which I think invalidates the session) to the "/logout" endpoint of our Java app (btw., this call is handled by Spring Boot Keycloak), our app then automatically calls Keycloak, which invalidates the token and redirects the user with a 302 HTTP status to the Keycloak login page. The problem is that there is a CORS preflight OPTIONS call (for this last login page fetch, done automatically by Angular as a reaction to the 302 HTTP status) which blocks the frontend call, even if I set the Keycloak configuration properly (first "*", for disabling, did not work; then "+", for the redirected URL; even enumerating all host/port combinations of our backend Java app: no hope).

      So, once again in one sentence: there are no CORS headers from Keycloak, even though Keycloak is configured properly for this (or at least I think it is).

      In Spring boot I have:
      keycloak.cors=true
      keycloak.cors-max-age=1000
      keycloak.cors-allowed-methods=POST,PUT,DELETE,GET
      keycloak.cors-allowed-headers=ETag,Location
      keycloak.cors-exposed-headers=Accept,Content-Type,If-Match,If-None-Match,Origin

      Frontend request header from Angular is (OUR_PORT == our app port):
      Accept-Encoding gzip, deflate, br
      Accept-Language en-US,en;q=0.5
      Access-Control-Request-Headers content-type,x-xsrf-token
      Access-Control-Request-Method GET
      Connection keep-alive
      Host 192.168.200.200:OUR_PORT
      Origin https://192.168.200.200:OUR_PORT
      Referer https://192.168.200.200:OUR_PORT/
      TE Trailers
      User-Agent Mozilla/5.0 (X11; Ubuntu; Linu…) Gecko/20100101 Firefox/69.0

      Response headers from Keycloak server:
      content-length 93
      content-type application/json
      date Wed, 23 Oct 2019 11:51:38 GMT
      X-Firefox-Spdy h2

      Somebody described this problem here, but no response:
      https://stackoverflow.com/questions/46220566/keycloak-cors-issue-when-being-redirected-to-login/46222250#46222250

      Should I call logout in a different way?

      Thanks for the help.
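
An added example, not part of the report and not Keycloak or adapter code: the browser's preflight decision applied to the request and response headers captured above, which shows which checks the captured response fails. `preflightFailures`, `PASSING_RESPONSE` and the other names are hypothetical, and the passing response is constructed for illustration.

```javascript
// Added example (not from the issue): simplified CORS preflight check. Matching is
// case-insensitive; the status check and the Authorization special case are left out.
const SAFELISTED_METHODS = new Set(["get", "head", "post"]);

function normalize(headers) {            // lower-case header names
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

function tokens(value) {                 // "A, b" -> ["a", "b"]
  return (value || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);
}

// Returns the reasons a browser would block; an empty array means the preflight passes.
function preflightFailures(request, response, withCredentials = false) {
  const req = normalize(request), res = normalize(response), failures = [];
  const allowOrigin = res["access-control-allow-origin"];
  if (!allowOrigin) failures.push("missing Access-Control-Allow-Origin");
  else if (allowOrigin === "*" ? withCredentials : allowOrigin !== req["origin"])
    failures.push("Access-Control-Allow-Origin does not match Origin");
  if (withCredentials && res["access-control-allow-credentials"] !== "true")
    failures.push("Access-Control-Allow-Credentials is not true");
  const method = (req["access-control-request-method"] || "").toLowerCase();
  const methods = tokens(res["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.has(method) && !methods.includes(method) &&
      !(methods.includes("*") && !withCredentials))
    failures.push(`method ${method.toUpperCase()} not allowed`);
  const allowed = tokens(res["access-control-allow-headers"]);
  const wildcard = allowed.includes("*") && !withCredentials;  // "*" is literal with credentials
  for (const name of tokens(req["access-control-request-headers"]))
    if (!wildcard && !allowed.includes(name)) failures.push(`header ${name} not allowed`);
  return failures;
}

// Preflight request and Keycloak response as captured in the issue (OUR_PORT as on the page).
const PAGE_REQUEST = {
  "Origin": "https://192.168.200.200:OUR_PORT",
  "Access-Control-Request-Method": "GET",
  "Access-Control-Request-Headers": "content-type,x-xsrf-token",
};
const PAGE_RESPONSE = { "content-length": "93", "content-type": "application/json" };
// Constructed response that would satisfy this preflight (assumption, not Keycloak output).
const PASSING_RESPONSE = {
  "Access-Control-Allow-Origin": "https://192.168.200.200:OUR_PORT",
  "Access-Control-Allow-Headers": "Content-Type, X-XSRF-Token",
};

console.log(preflightFailures(PAGE_REQUEST, PAGE_RESPONSE), preflightFailures(PAGE_REQUEST, PASSING_RESPONSE));
```
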


              People

              • Assignee:
                Unassigned
                Reporter:
                palos2 Palo Palos