Facing CORS policy issue after configuring OpenID.

[spmishra121]

Hi @stevespringett,

I had configured Keycloak OpenID server on different machine. My DT is running on different machine. My DT's front end and api is mapped with DNS using NGINX.

But when I am trying to login into DT using OpenID, I am facing CORS issue. Please guide...

Docker-compose File Configuration is:

######################################################
# Optional OpenID Connect (OIDC) Properties
- ALPINE_OIDC_ENABLED=true
- ALPINE_OIDC_ISSUER=http://10.25.53.73:8082/auth/realms/master
- ALPINE_OIDC_CLIENT_ID=dependency-track
- ALPINE_OIDC_USERNAME_CLAIM=preferred_username
- ALPINE_OIDC_TEAMS_CLAIM=groups
- ALPINE_OIDC_USER_PROVISIONING=true
- ALPINE_OIDC_TEAM_SYNCHRONIZATION=true
#
# Optional HTTP Proxy Settings
# - ALPINE_HTTP_PROXY_ADDRESS=proxy.example.com
# - ALPINE_HTTP_PROXY_PORT=8888
# - ALPINE_HTTP_PROXY_USERNAME=
# - ALPINE_HTTP_PROXY_PASSWORD=
# - ALPINE_NO_PROXY=
#
# Optional HTTP Outbound Connection Timeout Settings. All values are in seconds.
# - ALPINE_HTTP_TIMEOUT_CONNECTION=30
# - ALPINE_HTTP_TIMEOUT_SOCKET=30
# - ALPINE_HTTP_TIMEOUT_POOL=60
#
# Optional Cross-Origin Resource Sharing (CORS) Headers
- ALPINE_CORS_ENABLED=true
- ALPINE_CORS_ALLOW_ORIGIN= *
- ALPINE_CORS_ALLOW_METHODS=GET, POST, PUT, DELETE, OPTIONS
- ALPINE_CORS_ALLOW_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *
- ALPINE_CORS_EXPOSE_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count
- ALPINE_CORS_ALLOW_CREDENTIALS=true
- ALPINE_CORS_MAX_AGE=3600

##############################################################

DT Error:

[nscuro]

Hi @spmishra121  👋

The error you're seeing is caused by your Keycloak installation not setting any CORS response headers for the .well-known/openid-configuration endpoint. Per default, Keycloak always sets this based on the Origin request header.

For example:

$ curl -v -H "Origin: http://localhost:1234" http://localhost:8080/realms/test/.well-known/openid-configuration
*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /realms/test/.well-known/openid-configuration HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.79.1
> Accept: */*
> Origin: http://localhost:1234
>
< HTTP/1.1 200 OK
...
< Access-Control-Allow-Origin: http://localhost:1234
< Access-Control-Allow-Credentials: true
...

What version of Keycloak are you using? Is you Keycloak behind a load balancer or reverse proxy of some sort? If yes, is it possible that the Origin header is not forwarded to Keycloak?

[spmishra121]

Thanks for your response @nscuro,

It may be because I am using a pre-installed version and that server is not in my control. Please provide me some more details about configuration, so that I can ask the team to configure that.

Server Info:

[spmishra121]

Thanks @nscuro, It's working now.