Hi,
Specifying “Web Origins” as *(allow all) in the client and configuring spring-security adapter is not working as expected. I’ve disabled KeyCloakAutoConfiguration.I’m doing a manual configuration as follows.
private KeycloakSpringBootProperties getKeycloakSpringBootProperties(){
authServerUrl = "https://"+authServerName+":8443/auth";
realm = "TEST-REALM";
KeycloakSpringBootProperties keycloakSpringBootProperties = new KeycloakSpringBootProperties();
keycloakSpringBootProperties.setEnabled(true);
keycloakSpringBootProperties.setRealm("TEST-REALM");
keycloakSpringBootProperties.setResource(keycloakClientId);
keycloakSpringBootProperties.setAuthServerUrl(authServerUrl);
Map<String, Object> credentials = new HashMap<>();
credentials.put(Constants.SECRET, keycloakClientSecret);
keycloakSpringBootProperties.setCredentials(credentials);
keycloakSpringBootProperties.setSslRequired(Constants.ALL);
keycloakSpringBootProperties.setPublicClient(false);
keycloakSpringBootProperties.setPrincipalAttribute(Constants.PREFERRED_USERNAME);
return keycloakSpringBootProperties;
}
I’ve specified “Web Origins” as * , but still i get the error in the browser saying “Access-Control-Allow-Origin” not present in the Response headers. The documentation says
The way it works is that the domains listed in the
Web Originssetting for the client are embedded within the access token sent to the client application.
The keycloak-spring-boot-starter adapter should ideally take care of the CORS requests. But this seems not be happening. Am i missing something here ? Any Help would be greatly appreciated.
Thank you.
-Ram