We are currently facing the following problem for our Webapplication using Keycloak as an IDP behind an Traefik 1.7:
Chrome console tells us:
Access to manifest at 'https://keycloak.dev.example.com/auth/realms/myrealm/protocol/openid-connect/auth?client_id=myclient&redirect_uri=...' (redirected from 'https://myfrontend.dev.example.com/manifest.json') from origin 'https://myfrontend.dev.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
In keycloak we set Web Origins = * for client myclient inside the myrealm realm.
We already tried to set https://myfrontend.dev.example.com as the Web Origins. That did not help.
We configured the Ingress inside the namespace where our keycloak is deployed. Adding the annotations:
ingress.kubernetes.io/cors-allow-origin: https://myfrontend.dev.example.com
ingress.kubernetes.io/enable-cors: "true"
It did not help.
In the past we had a setup with the IDP just using the same subdomain. Of corse this will prevent any CORS issues, but we want to seperate this.
Any suggestions on where to add configuration to apply the CORS-related headers? Thank you.