CORS error with SAML login

Hello,

I found answers to my problem online but they do not seem to work for me.

I have an Angular application that redirects for login to my Keycloak server for authentication with OIDC. There I have the option to log in with username and password or using SSO with my Identity Provider. The SSO itself works just fine: if I click on it, the user gets created in my Keycloak database.

The first problem I faced was trying to log in with username and password, and I got the following error:

Access to XMLHttpRequest at 'https://my_keycloak_url/auth/realms/my_realm/protocol/openid-connect/token' from origin 'https://my_client_url' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I found the solution to this online and I could solve it by adding https://my_client_url to the Web origins of my ui-client.

However, if I try to log in with SSO I get the following error:

Access to XMLHttpRequest at 'https://my_keycloak_url.de/auth/realms/my_realm/account' from origin 'https://my_client_url' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I tried adding https://my_client_url to the Web origins of my ui-client but that did not work. I also noticed that https://my_keycloak_url.de/auth/realms/my_realm/account is the base URL for my account and account-console clients, so I tried adding https://my_client_url to the Web origins of those clients but it also didn't work.

Any idea why I’m getting this error?

/auth/realms/my_realm/account is not an API endpoint, but a regular HTML page. IMHO there is no reason to allow access via script.

1 Like
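
The check the browser applies to each of the responses discussed above, as an added example that is not part of the original thread: it follows the Fetch standard's CORS check and runs it against constructed header sets. The names `corsCheck` and `diagnose` are hypothetical, and the sample headers assume Keycloak returns the requesting origin for a client whose Web origins list contains it.

```javascript
// Added example: the browser-side CORS check (Fetch standard) applied to
// constructed response headers. Nothing here contacts a real server.
function corsCheck(requestOrigin, responseHeaders, withCredentials = false) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    // This is the case both error messages in the thread report.
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  // A wildcard is only honoured for requests sent without credentials.
  if (!withCredentials && allowOrigin === "*") {
    return { allowed: true, reason: "wildcard" };
  }
  // Otherwise the value must equal the serialized origin exactly
  // (scheme, host, port; no trailing slash, no list of origins).
  if (allowOrigin !== requestOrigin) {
    return { allowed: false, reason: "origin mismatch" };
  }
  if (!withCredentials) return { allowed: true, reason: "origin match" };
  // Credentialed requests additionally need Allow-Credentials: true.
  return h["access-control-allow-credentials"] === "true"
    ? { allowed: true, reason: "origin match with credentials" }
    : { allowed: false, reason: "credentials not allowed" };
}

const ORIGIN = "https://my_client_url"; // placeholder origin from the thread

// Constructed response headers (assumptions, not captured traffic).
const RESPONSES = {
  // Token endpoint before the client origin was added to Web origins.
  tokenBeforeFix: { "Content-Type": "application/json" },
  // Token endpoint after adding the origin to the client's Web origins.
  tokenAfterFix: { "Content-Type": "application/json",
                   "Access-Control-Allow-Origin": ORIGIN },
  // /auth/realms/my_realm/account answered as a regular HTML page.
  accountPage: { "Content-Type": "text/html;charset=utf-8" },
};

// Run the check for every sample response and return the verdicts.
function diagnose() {
  const out = {};
  for (const [name, headers] of Object.entries(RESPONSES)) {
    out[name] = corsCheck(ORIGIN, headers);
  }
  return out;
}

console.log(diagnose());
```
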

Hello @jangaraj, thank you for your response. I don’t think I understand it fully. Could you elaborate?

If I understand it correctly, you mean that the CORS error is caused by /auth/realms/my_realm/account not being an API endpoint. However, I did not set this path myself, or at least not on purpose. Is there a way of changing it for the authentication with SSO?

The problem was solved by mapping account.view-profile to my Identity Provider Mappers.
Why this resulted in a CORS error is beyond me…

Please can you elaborate on this? I am using a similar endpoint to this one, which I guess is not an API endpoint, but I am unsure as to what to put (newbie).