Keycloak CORS issue on logout redirect

Problem description

I am using Keycloak 10.0.2 to secure the Spring Boot REST APIs and Angular 9 for the front end. The front end is served from the Spring Boot microservice running on http://localhost:8080. On the Keycloak side, the openid-connect client's web origin is configured to allow all origins.
Spring Boot's Spring Security is configured to use Keycloak as the OAuth2 client provider.

spring:
  security:
    oauth2:
      client:
        provider:
          keycloak:
            issuer-uri: https://abc-keycloak.abccloud.com/auth/realms/abc
            scope: openid, profile        

        registration:
          keycloak:
            client-id: localhost
            client-secret: xxxxx
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
      resourceserver:
        jwt:
          issuer-uri: https://abc-keycloak.abccloud.com/auth/realms/abc

The Angular front end makes a logout API call to http://localhost:8080/logout and is redirected to

 HTTP/1.1 302 Found
 Location: https://abc-keycloak.abccloud.com/auth/realms/abc/protocol/openid-connect/logout?id_token_hint=xxxxxx

I am getting a CORS error in the Google Chrome browser

Access to XMLHttpRequest at 'https://abc-keycloak.abccloud.com/auth/realms/abc/protocol/openid-connect/logout?id_token_hint=xxxxxx&post_logout_redirect_uri=http://localhost:8080' (redirected from 'http://localhost:8080/logout') from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Recommended answer

It shouldn't be an API call (a request in the background). The whole browser should be navigated to that app logout URL (and then to the Keycloak logout URL).
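
Added example, not part of the original question or answer: one way to do the logout as a top-level navigation from the Angular side, using a hidden form POST so the browser follows the 302 to Keycloak as a normal page load with no CORS check. The function names, the `/logout` default path, and the CSRF handling (Spring Security's `CookieCsrfTokenRepository` defaults: cookie `XSRF-TOKEN`, form parameter `_csrf`) are assumptions about the application, not details from the post.

```javascript
// Added example. Assumes Spring Security's default /logout endpoint and,
// if CSRF protection is enabled, CookieCsrfTokenRepository defaults
// (cookie "XSRF-TOKEN", form parameter "_csrf").

// Read one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Log out with a form submission instead of XMLHttpRequest/HttpClient.
// A form submit is a browser navigation, so the redirect from the app to
// the Keycloak logout URL is not subject to the CORS preflight that
// blocked the background request.
function logoutByNavigation(doc, logoutPath = '/logout') {
  // Accept only same-origin absolute paths so the CSRF token is never
  // posted to another host ("//host" and "/\host" resolve cross-origin).
  if (!/^\/(?![\/\\])/.test(logoutPath)) {
    throw new Error('logoutPath must be a same-origin path');
  }
  const form = doc.createElement('form');
  form.method = 'POST';
  form.action = logoutPath;
  form.style.display = 'none';

  const token = readCookie(doc.cookie || '', 'XSRF-TOKEN');
  if (token !== null) {
    const input = doc.createElement('input');
    input.type = 'hidden';
    input.name = '_csrf';
    input.value = token;
    form.appendChild(input);
  }
  doc.body.appendChild(form);
  form.submit(); // full-page navigation starts here
  return form;
}
```

In the Angular component, call `logoutByNavigation(document)` from the click handler in place of the HttpClient request.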
