Keycloak CORS Configuration

838 views
Skip to first unread message

Mark Jayson Gonzaga

unread,
Sep 21, 2021, 2:58:39 PM9/21/21
to Quarkus Development mailing list
Hi Team,

I would like to ask if there is any keycloak configuration that we should similar to this one below

keycloak:
  auth-server-url: http://localhost:8180/auth
  realm: CollageERP
  resource: collage-erp-web
  public-client: true
  use-resource-role-mappings: true
  cors: true
  cors-max-age: 0
  principal-attribute: preferred_username
  cors-allowed-methods: POST, PUT, DELETE, GET
  cors-allowed-headers: X-Requested-With, Content-Type, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers
I know that we have a CORS configuration such as below.

quarkus:
  http:
    port: 9090
    cors:
      ~: true
      origins: "*" #${ORIGINS:http://localhost:8081}
      headers: "*"
      access-control-allow-credentials: true
      methods: "*"
      exposed-headers: "*"
      access-control-max-age: 24H
But still would like to know if the above configuration dedicated for keycloak is valid.

Reason asking is whenever I test locally It is ok, but when I run the quarkus application via docker container I keep on getting 401.

Thanks

Sergey Beryozkin

unread,
Sep 21, 2021, 5:43:02 PM9/21/21
to Mark Jayson Gonzaga, Quarkus Development mailing list
Hi

Looks like you are with one of the first Quarkus releases ? `quarkus-keycloak` has been replaced by `quarkus-oidc` since then,

However, Keycloak CORS configuration in the case of a bearer token supplied to Quarkus is not relevant since all Quarkus does in this case is verify the token either locally or via a backchannel with Keycloak bypassing the CORS constraints if any. It is something to do with the CORS access from SPA to Quarkus - please migrate to the latest Quarkus - may be it will work

Thanks, Sergey

--
You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CADNbDsAD0%2BovQ3%3Dd%2B1YvSLEk%2BUXzOk7xLS5kXe%2BDc_z9u72xQg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages