JITSI-KEYCLOAK - CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource


I am struggling with jitsi-keycloak since few days now. I am getting CORS error like this in browser

Access to XMLHttpRequest at 'https://auth.MYDOMAIN.com/auth/realms/VC%20Realm/protocol/openid-connect/auth?client_id=vctestclient&state=e4bbde20-34e8-4d42-89ac-a1ac03724948&redirect_uri=http%3A%2F%2Fjk.MYDOMAIN.com%2Fapi%2Fconfig%3Fauth_callback%3D1&scope=openid&response_type=code' (redirected from 'https://jk.MYDOMAIN.com/api/config') from origin 'https://jk.MYDOMAIN.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Here is my setup:

  1. AWS EC2 running docker-jitsi-desktop with proper setting (ENABLE_AUTH=1, AUTH_TYPE=jwt and JWT_APP_ID=APPID )
  2. Another AWS EC2 running
    2.1) jitsi-keycloak started using docker-compose ( https://jk.MYDOMAIN.COM )
    2.2) keycloak ( https://auth.MYDOMAIN.COM ) and postgres inside separate docker containers using this docker compose file keycloak-containers/keycloak-postgres.yml at master · keycloak/keycloak-containers · GitHub AND
    2.3) an NGINX reverse proxy docker and letsencrypt sidecar docker using repo at GitHub - jwulf/letsencrypt-nginx-sidecar: Run letsencrypt and nginx in a docker-compose side car which starts keycloak and postgres docker containers . NGINX handles reverse proxy for jitsi-keycloak and keycloak. Letsencrypt sidecar automatically requests letsencrypt cert for associated domains.

I have done all the settings mentioned in GitHub - d3473r/jitsi-keycloak: Login to jitsi with keycloak https://hub.docker.com/r/d3473r/jitsi-keycloak but I keep getting this error in browser. My workflow currently is.

Visit jk.MYDOMAIN.com . This redirects to keycloak login page. Before putting credentials, I open the developer tools to see the console. When I click Sign In, I get logged in and immediately see this error (mentioned on the top of this writeup. Nothing happens when I enter the room name and press OPEN JITSI button. Nothing happens

Here is how keycloak is setup

Here is the keycloak.json

Please let me know what I am doing wrong. If you need more info please let me know and I will send quickly.

Any help is appreciated @florianoverkamp @emrah @fabian_s @Fabian_H @Ivan_Morozoff @andreas_h @santoshaimpace @ARUNODHAYAM_S @bstaylor12 @saghul

Thanks in advance

Going out on limb here and pondering thats more keycloak related than jitsi related. Googling ‘Access-Control-Allow-Origin keycloak’ gets us:

Which looks similar. I’d give it a go.

Thanks @florianoverkamp.
That post does not have much good info for my problem.

Here is what I did to solve part of the problem. Initially I had created new Realm. I deleted that realm and used the master realm. Just that change alone solved all the problems and now I am able to use my setup correctly.

Thank you community. Please let me know if anybody has questions on this setup

I was wrong. The actual problem was that I was trying to use a non-master realm (VC Realm) without creating a user inside that realm. After I created a user inside that non-master realm (VC Realm) using Keycloak dashboard everything is working. I guess I will have to read more on how to use keycloak.

Thanks all

My issue was solved by using MASTER realm. When ever I create a new realm I get this same CORS error. So I created new realm (realm1), a new client inside this new realm and a new user inside this realm1. When I copied the keycloak.json from new client to jitsi-keycloak. When I try to use this new client to login, the login also happens, however I get this CORS error

I would really not like to use MASTER realm. How to solve this issue for NON-MASTER realm.

Hi, just for anyone else reading this, this is not a realm issue, you can use the jitsi-keycloak app from every realm, this issue has to to with other misconfiguration

I agree… this issue was due to a misconfiguration in app. Nothing to do with realm