Keycloak CORS issue on logout redirect
Problem description
I am using Keycloak 10.0.2 to secure the Spring Boot REST APIs and Angular 9 for the front end.
The front end is served from the Spring Boot microservice running on http://localhost:8080.
On the Keycloak side the openid-connect client web origin is configured to allow all origins.
Spring Boot Spring Security is configured to use Keycloak as the OAuth2 client provider.
spring:
  security:
    oauth2:
      client:
        provider:
          keycloak:
            issuer-uri: https://abc-keycloak.abccloud.com/auth/realms/abc
            scope: openid, profile
        registration:
          keycloak:
            client-id: localhost
            client-secret: xxxxx
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
      resourceserver:
        jwt:
          issuer-uri: https://abc-keycloak.abccloud.com/auth/realms/abc
The Angular front end makes a logout API call to http://localhost:8080/logout and is redirected to
HTTP/1.1 302 Found
Location: https://abc-keycloak.abccloud.com/auth/realms/abc/protocol/openid-connect/logout?id_token_hint=xxxxxx
I am getting a CORS error in the Google Chrome browser:
Access to XMLHttpRequest at 'https://abc-keycloak.abccloud.com/auth/realms/abc/protocol/openid-connect/logout?id_token_hint=xxxxxx&post_logout_redirect_uri=http://localhost:8080' (redirected from 'http://localhost:8080/logout') from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Recommended answer
It shouldn't be an API call (request in the background). The whole browser should be navigated to that app logout URL (and then to the Keycloak logout URL).
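The fix the answer describes, as an added example that is not code from the original post: a browser-side logout that navigates the whole page instead of issuing a background request. It assumes Spring Security's default POST /logout endpoint and its default `_csrf` form parameter name; `fetch` stands in for Angular's HttpClient.

```javascript
// Added example, not from the original post.
//
// The Spring Boot app answers POST /logout with a 302 to the Keycloak
// end-session endpoint on another origin. A fetch/XHR call follows that
// redirect as a cross-origin request from http://localhost:8080, so the
// browser applies CORS and blocks it (the error in the question). Even
// fetch(..., { redirect: 'manual' }) does not help: the result is an
// opaque-redirect response whose Location header is not readable.
// A top-level navigation is not subject to CORS, so the same 302 chain
// (app -> Keycloak -> post_logout_redirect_uri) completes normally.

// Wrong: background request. Reproduces the CORS failure.
async function logoutViaFetch(csrfToken) {
  return fetch('/logout', {
    method: 'POST',
    headers: { 'X-CSRF-TOKEN': csrfToken },
    credentials: 'same-origin',
  });
}

// Right: build a same-origin POST form carrying the CSRF token (Spring
// Security's logout requires POST when CSRF protection is enabled) and
// submit it, which makes the browser navigate rather than XHR.
function buildLogoutForm(doc, csrfToken, action = '/logout') {
  const form = doc.createElement('form');
  form.method = 'POST';
  form.action = action;

  const token = doc.createElement('input');
  token.type = 'hidden';
  token.name = '_csrf'; // Spring Security's default parameter name
  token.value = csrfToken;
  form.appendChild(token);
  return form;
}

function logoutViaNavigation(doc, csrfToken) {
  const form = buildLogoutForm(doc, csrfToken);
  doc.body.appendChild(form); // a form must be in the document to submit
  form.submit();              // full navigation: 302s are followed by the browser, no CORS
}
```

In the Angular app, call `logoutViaNavigation(document, token)` from the logout button handler instead of `HttpClient.post('/logout', ...)`.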