Keycloak / KEYCLOAK-9099

Gatekeeper Ajax calls unauthorized 307

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Done
    • 4.6.0.Final
    • None
    • Gatekeeper
    • None
    • NEW
    • NEW

    Description

      I am currently implementing Gatekeeper instead of Proxy to protect certain applications.

      I am working on Graylog and RabbitMQ. Both systems use XMLHttpRequests (ajax) to fetch information / test login.
      I use the following configuration:

          discovery-url: https://url
          client-id: id
          client-secret: secret
          listen: 0.0.0.0:8080
          upstream-url: http://app_url
          resources:
          - uri: /*
            roles:
            - monitoring
      

      When the apps POST an ajax call to /api/session to try to log in, Gatekeeper returns a 307 and redirects the call to Keycloak, which is not allowed because of CORS, which is correct.
      All the assets like /img/styles.css do work. So I think it is only in ajax calls.

            People

              Unassigned
              jessevans Jesse Nedbase (Inactive)
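
The behaviour reported above, seen from the browser side, as an added example that is not part of the original report and is not Gatekeeper, Graylog or RabbitMQ code. It assumes the application's own front-end script can be changed; `classifyProxyResponse`, `apiFetch` and `onLoginRequired` are hypothetical names.

```javascript
// Added example. A script-initiated request cannot follow the proxy's 307 to
// the identity provider (cross-origin, blocked by CORS), so the caller detects
// the redirect and hands control to a top-level navigation instead.

// Decide what a fetch/XHR caller should do with a response that came back
// through an authenticating reverse proxy.
function classifyProxyResponse(res) {
  // With redirect: 'manual' a browser does not follow the 307; it returns a
  // filtered response whose type is "opaqueredirect" and whose status is 0.
  if (res.type === 'opaqueredirect') return 'login-required';
  // Outside a browser (for example Node) the 3xx status itself is visible.
  if (res.status >= 300 && res.status < 400) return 'login-required';
  if (res.status === 401) return 'login-required';
  if (res.status === 403) return 'forbidden';
  return res.ok ? 'ok' : 'error';
}

// Wrapper for API calls. deps.fetchImpl and deps.onLoginRequired are
// injectable so the logic can be exercised without a browser.
async function apiFetch(url, options = {}, deps = {}) {
  const fetchImpl = deps.fetchImpl || globalThis.fetch;
  const onLoginRequired =
    deps.onLoginRequired || (() => globalThis.location.reload());

  const res = await fetchImpl(url, {
    credentials: 'same-origin', // send the proxy's session cookie
    ...options,
    redirect: 'manual',         // never chase the redirect from script
  });

  const verdict = classifyProxyResponse(res);
  if (verdict === 'login-required') {
    // A top-level navigation is not subject to CORS, so the proxy's redirect
    // to the identity provider completes there.
    onLoginRequired();
  }
  return { verdict, response: res };
}
```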