I have been struggling with jitsi-keycloak for a few days now. I am getting a CORS error like this in the browser:
Access to XMLHttpRequest at 'https://auth.MYDOMAIN.com/auth/realms/VC%20Realm/protocol/openid-connect/auth?client_id=vctestclient&state=e4bbde20-34e8-4d42-89ac-a1ac03724948&redirect_uri=http%3A%2F%2Fjk.MYDOMAIN.com%2Fapi%2Fconfig%3Fauth_callback%3D1&scope=openid&response_type=code' (redirected from 'https://jk.MYDOMAIN.com/api/config') from origin 'https://jk.MYDOMAIN.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Here is my setup:
- AWS EC2 running docker-jitsi-desktop with proper settings (ENABLE_AUTH=1, AUTH_TYPE=jwt and JWT_APP_ID=APPID)
- Another AWS EC2 running
  2.1) jitsi-keycloak started using docker-compose ( https://jk.MYDOMAIN.COM )
  2.2) keycloak ( https://auth.MYDOMAIN.COM ) and postgres inside separate docker containers using this docker compose file keycloak-containers/keycloak-postgres.yml at master · keycloak/keycloak-containers · GitHub AND
  2.3) an NGINX reverse proxy docker and letsencrypt sidecar docker using repo at GitHub - jwulf/letsencrypt-nginx-sidecar: Run letsencrypt and nginx in a docker-compose side car which starts keycloak and postgres docker containers. NGINX handles reverse proxy for jitsi-keycloak and keycloak. Letsencrypt sidecar automatically requests letsencrypt cert for associated domains.
I have done all the settings mentioned in GitHub - d3473r/jitsi-keycloak: Login to jitsi with keycloak https://hub.docker.com/r/d3473r/jitsi-keycloak but I keep getting this error in the browser. My workflow currently is:
Visit jk.MYDOMAIN.com. This redirects to the keycloak login page. Before putting in credentials, I open the developer tools to see the console. When I click Sign In, I get logged in and immediately see this error (mentioned at the top of this writeup). Nothing happens when I enter the room name and press the OPEN JITSI button.
Here is how keycloak is set up
Here is the keycloak.json
Please let me know what I am doing wrong. If you need more info please let me know and I will send quickly.
Any help is appreciated @florianoverkamp @emrah @fabian_s @Fabian_H @Ivan_Morozoff @andreas_h @santoshaimpace @ARUNODHAYAM_S @bstaylor12 @saghul
Thanks in advance
Going out on a limb here and pondering that’s more keycloak related than jitsi related. Googling ‘Access-Control-Allow-Origin keycloak’ gets us:
Which looks similar. I’d give it a go.
That post does not have much good info for my problem.
Here is what I did to solve part of the problem. Initially I had created a new realm. I deleted that realm and used the master realm. Just that change alone solved all the problems and now I am able to use my setup correctly.
Thank you community. Please let me know if anybody has questions on this setup
I was wrong. The actual problem was that I was trying to use a non-master realm (VC Realm) without creating a user inside that realm. After I created a user inside that non-master realm (VC Realm) using the Keycloak dashboard, everything is working. I guess I will have to read more on how to use keycloak.
My issue was solved by using the MASTER realm. Whenever I create a new realm I get this same CORS error. So I created a new realm (realm1), a new client inside this new realm and a new user inside this realm1. I copied the keycloak.json from the new client to jitsi-keycloak. When I try to use this new client to log in, the login also happens; however, I get this CORS error.
I would really not like to use the MASTER realm. How can I solve this issue for a NON-MASTER realm?
Hi, just for anyone else reading this, this is not a realm issue, you can use the jitsi-keycloak app from every realm, this issue has to do with other misconfiguration
I agree… this issue was due to a misconfiguration in the app. Nothing to do with the realm
Hi, did you solve the problem?
I’m also stuck with this:
Access to XMLHttpRequest at 'https://keycloak.test.lan/auth/realms/jitsi/protocol/openid-connect/auth?client_id=jitsi&state=841d9353-4895-4f23-80fc-61d23908c9f6&redirect_uri=http%3A%2F%2Fauth-jitsi.test.lan%2Fapi%2Fconfig%3Fauth_callback%3D1&scope=openid&response_type=code' (redirected from 'https://auth-jitsi.test.lan/api/config') from origin 'https://auth-jitsi.test.lan' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I’ve paid attention to this part of the message:
redirect_uri=http (should be https, imo), but anyway, even with Web Origins = “*” in keycloak, it does not work.
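The last post points at the `redirect_uri=http` part of the error. As an added example (not code from jitsi-keycloak or from any poster in this thread), the JavaScript below parses the authorization URL quoted in that error and reports the realm, the client and any scheme or host difference between the page origin and `redirect_uri`. The function name and the wording of the findings are made up for this illustration; the sample URL and origin are copied from the error above.

```javascript
// Values copied from the CORS error quoted in the last post of this thread.
const SAMPLE_ORIGIN = 'https://auth-jitsi.test.lan';
const SAMPLE_AUTH_URL =
  'https://keycloak.test.lan/auth/realms/jitsi/protocol/openid-connect/auth' +
  '?client_id=jitsi&state=841d9353-4895-4f23-80fc-61d23908c9f6' +
  '&redirect_uri=http%3A%2F%2Fauth-jitsi.test.lan%2Fapi%2Fconfig%3Fauth_callback%3D1' +
  '&scope=openid&response_type=code';

// Hypothetical helper: summarise what the browser was asked to fetch.
function inspectAuthRedirect(pageOrigin, authUrl) {
  const page = new URL(pageOrigin);
  const auth = new URL(authUrl);
  const findings = [];

  // Realm name sits in the path and may be percent-encoded (e.g. "VC%20Realm").
  const m = auth.pathname.match(/\/realms\/([^/]+)\//);
  const realm = m ? decodeURIComponent(m[1]) : null;

  // The XHR followed a redirect to another origin, so CORS rules apply to it.
  if (auth.origin !== page.origin) {
    findings.push(`cross-origin: ${page.origin} -> ${auth.origin}`);
  }

  // searchParams.get() returns the value already percent-decoded.
  const raw = auth.searchParams.get('redirect_uri');
  let redirect = null;
  if (!raw) {
    findings.push('redirect_uri is missing');
  } else {
    try {
      redirect = new URL(raw);
    } catch {
      findings.push('redirect_uri is not an absolute URL');
    }
  }
  if (redirect && redirect.protocol !== page.protocol) {
    findings.push(`scheme mismatch: redirect_uri is ${redirect.protocol} but page is ${page.protocol}`);
  }
  if (redirect && redirect.hostname !== page.hostname) {
    findings.push(`host mismatch: redirect_uri host is ${redirect.hostname}`);
  }
  return { realm, clientId: auth.searchParams.get('client_id'), redirectUri: raw, findings };
}

console.log(inspectAuthRedirect(SAMPLE_ORIGIN, SAMPLE_AUTH_URL));
```

The output only describes the request; it does not by itself say which setting in the app or in Keycloak produced it.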