All geek questions in one place

Keycloak realmresourceprovider corse

I am evaluating some IAM products and have encountered a problem with CORS using Keycloak's RealmResourceProvider. The goal is to write an angular4 client that can create users and manage groups using Keycloak's REST interface.

server side:

I tried to implement the Rest interface with the RealmResourceProvider interface so that I can access Realm and User Data as easily as possible. I followed the Beercloak example (github.com/dteleguin/beercloak) and got it working, but without a special topic (only REST-Resources). My own application is packaged as a Jar. I managed to call this facade through the REST Client, and it worked (first called localhost: 8080 / auth / realms / master / protocol / openid-connect / token, and then filled the token in the authorization header).

keycloak-configuration , but if I check it through the browser, I will need to turn on Cross-Origin-Ressource-Sharing. To do this, I added the "enable-cors" attribute to "keycloak.json" in the server application:

{
"realm": "master",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "pharmacyRessource",
"public-client": true,
"enable-cors": true
}

In addition, I created a client in Keycloak Admin. Client configuration

:

angular Mohuks ng2-keyclayak github.com/mohuk/ng2-keycloak/blob/master/src/keycloak.service.ts, accesstoken. - . , GET , - Access-Control-Allow-Origin: 401 Keycloak.json, keycloak-client javascript, :

{
  "realm": "master",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "pharmacyRessource",
  "public-client": true
}

:

  • CORS, , keycloak.
  • @OPTIONS CORSE . , .
  • .war, /, .

hub.docker.com/r/jboss/keycloak/

+4
1

CORS keycloak ( wildlfy). , standalone.xml wildfly:

        <subsystem xmlns="urn:jboss:domain:undertow:4.0">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
            <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
            <host name="default-host" alias="localhost">
                <location name="/" handler="welcome-content"/>
                 <filter-ref name="server-header"/>
        <filter-ref name="x-powered-by-header"/>
        <filter-ref name="Access-Control-Allow-Origin"/>
        <filter-ref name="Access-Control-Allow-Methods"/>
        <filter-ref name="Access-Control-Allow-Headers"/>
        <filter-ref name="Access-Control-Allow-Credentials"/>
        <filter-ref name="Access-Control-Max-Age"/>
                <http-invoker security-realm="ApplicationRealm"/>
            </host>
        </server>
        <servlet-container name="default">
            <jsp-config/>
            <websockets/>
        </servlet-container>
        <handlers>
            <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
        </handlers>
            <filters>
        <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
        <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
        <response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="http://localhost"/>
        <response-header name="Access-Control-Allow-Methods" header-name="Access-Control-Allow-Methods" header-value="GET, POST, OPTIONS, PUT"/>
        <response-header name="Access-Control-Allow-Headers" header-name="Access-Control-Allow-Headers" header-value="accept, authorization, content-type, x-requested-with"/>
        <response-header name="Access-Control-Allow-Credentials" header-name="Access-Control-Allow-Credentials" header-value="true"/>
        <response-header name="Access-Control-Max-Age" header-name="Access-Control-Max-Age" header-value="1"/>
      </filters>
    </subsystem>
+1

Source: https://habr.com/ru/post/1684615/

More articles:


All Articles