No 'Access-Control-Allow-Origin' header is present on the requested resource in keycloak

Question

I am hitting Key cloak api http://localhost:8080/auth/realms/**/protocol/openid-connect/token with right credentials ,its working fine but with wrong credentials

And when I add the cross-origin-allow , it give me preflight error

can anyone please help me :) PS: everything is working fine with CORS plugin

Answer 1

You are requesting a resource at localhost:8080 from you angular app which runs at locahost:4200.

In order for this to work you need to enable CORS on the server side. Thus you need to add the header to the response. This can either be done using the .htaccess file which has been proposed already. A better solution (or maybe the best one) is to configure this in your keycloak server. You can set allowed origins on the realm in which you are working. Simply open your admin console, navigate to the realm settings and set the 'Web origins'. The hint already tells you that you can configure 'Allowed CORS origins.' here.

For testing purpos you should add http://localhost:4200

Answer 2

In our setup we used a keycloak.json for the communication between karaf and keycloak in this scenario it was necessary to add

"enable-cors": true

to our keycloak.json file. See also here