We use Keycloak for SAML IDP Initiated access to different SSO’s. One SSO is getting a CORS error because the Origin in the POST request is null. Can the Origin for SAML in Keycloak be set somewhere? The documentation shows where you set web origin for OpenID but not for SAML. Below is an example of the issue.
POST Protected Page SAML Demo Service Provider HTTP/1.1
sec-ch-ua: “Chromium”;v=“130”, “Google Chrome”;v=“130”, “Not?A_Brand”;v=“99”
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: “Windows”
Origin: null
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9