  1. Keycloak
  2. KEYCLOAK-8766

[GSS](7.2.0) CORS with OIDC requests fails when using elytron adapter

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • Environment:
    • Security Sensitive Issue:
      This issue is security relevant
    • Steps to Reproduce:
      1. Install RH-SSO 7.2.4.
      2. Follow the instructions from the rh-sso-quickstarts for app-jee-html5 and service-jee-jaxrs to create a realm, clients, and users.
      3. Make sure the front-end realm has Web Origins * and http://localhost:3000/* as a valid redirect URL. (I'm uploading a realm that should have everything set up.)
      4. Install EAP-7.1.0 plus the 7.1.4 patch.
      5. Install the RH-SSO 7.2.4 adapter and run the "adapter-elytron-install-offline.cli".
      6. Install service-jee-jaxrs to the EAP instance, and make sure to add enable-cors:true to the keycloak.json generated from the realm.
      7. The app-jee-html5 example needs to run in a separate instance on port 3000; I'm uploading a simple node app.
      8. Start the example by running "node server.js".
      9. Log in and you'll see that the REST APIs return 200 on the GET calls, but no data, even though OPTIONS passes with 200.
      10. If you do all the same steps but install using the adapter-install-offline.cli rather than the elytron version, everything works as expected.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Even with CORS enabled, and "*" marked as valid in the front-end client, the REST service running on EAP 7.1.4 with the RH-SSO adapter, separately from RH-SSO, refuses calls made to it from another origin by returning 200 with no content.

      This only happens when installing the adapter-elytron-install.cli. It works as expected with the adapter-install.cli.
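
A triage helper for the symptom described above, added here as an example (not code from the reporter or from Keycloak): given the preflight and GET responses captured for a cross-origin call, it separates a response the browser withholds under the CORS rules from one where the server really sent an empty body. The function names, verdict strings and sample responses are constructed, and the sample does not assert which case this issue is.

```javascript
// Added example: CORS triage helper, not Keycloak adapter code.
// Response header names are lower-cased, as Node's http module delivers them.

// Does Access-Control-Allow-Origin admit this origin?
function originAllowed(headers, origin, withCredentials) {
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) return false;
  if (acao === '*') return !withCredentials; // "*" is invalid with credentials
  if (acao !== origin) return false;
  return !withCredentials || headers['access-control-allow-credentials'] === 'true';
}

// Does the preflight allow every non-safelisted header the request sends?
function headersAllowed(preflightHeaders, requestHeaders, withCredentials) {
  const allowed = (preflightHeaders['access-control-allow-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  const wildcard = !withCredentials && allowed.includes('*');
  return requestHeaders.every((name) => {
    const n = name.toLowerCase();
    // Authorization must be listed by name; "*" never covers it.
    return allowed.includes(n) || (wildcard && n !== 'authorization');
  });
}

// GET is a safelisted method, so Access-Control-Allow-Methods is not checked.
function diagnose(req, preflight, actual) {
  if (preflight.status < 200 || preflight.status > 299) return 'preflight-rejected';
  if (!originAllowed(preflight.headers, req.origin, req.credentials)) return 'preflight-origin-not-allowed';
  if (!headersAllowed(preflight.headers, req.headers, req.credentials)) return 'preflight-header-not-allowed';
  if (!originAllowed(actual.headers, req.origin, req.credentials)) return 'response-withheld-by-browser';
  if (actual.status === 200 && actual.bodyLength === 0) return 'server-sent-empty-body';
  return 'ok';
}

// Constructed sample: bearer-token GET from the front end on port 3000.
const SAMPLE_REQ = { origin: 'http://localhost:3000', credentials: false, headers: ['Authorization'] };
const SAMPLE_PREFLIGHT = { status: 200, headers: {
  'access-control-allow-origin': 'http://localhost:3000',
  'access-control-allow-headers': 'Authorization, Content-Type' } };
const SAMPLE_GET = { status: 200, bodyLength: 0, headers: {} }; // no CORS headers on the GET

console.log(diagnose(SAMPLE_REQ, SAMPLE_PREFLIGHT, SAMPLE_GET));
```

Feed it the status, headers and body length seen on the wire (for example from a proxy or server access log) for both the elytron and non-elytron installs; a differing verdict shows which response the two adapters build differently.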


              People

              • Assignee:
                Unassigned
                Reporter:
                david.guthrie David Guthrie
              • Votes:
                1
                Watchers:
                4

                Dates

                • Created:
                  Updated: