I have a Keycloak SAML Identity Provider (IdP) and a backend (NodeJS) server each running on separate IPs/Hosts. Everything works great when I manually navigate to my backend login page. I’m redirected to Keycloak for login and then the SAML assertion is posted back to my backend callback page. But this doesn’t work for AJAX calls.
The redirect to the Keycloak SAML IdP fails with a preflight “No Access-Control-Allow-Origin header present on requested resource” error. If we were using OpenID Connect (OIDC) then I could put my backend IP/Hostname into the Web Origins setting, but that setting doesn’t exist in Keycloak SAML.
How can I add my backend server IP/Hostname to CORS in Keycloak SAML or otherwise send the Access-Control-Allow-Origin header I need?