[英]How to fix: CORS issue on SAML2 SSO on WSO2 Identity Server Service Provider?
I have created a Servive Provider with SAML2 Web SSO. 我已经使用SAML2 Web SSO创建了服务提供程序。
I have a application with Node JS server and React Js Front End running on separate port 3000 (node) and 3001 (react). 我有一个带有Node JS服务器和React Js前端的应用程序,它们分别在单独的端口3000(节点)和3001(反应)上运行。
There is a route " http://localhost:3000/app/login " on node that redirect to sso login page if the user is not authenticated (authentication managed by cookies). 如果用户未通过身份验证(由cookie管理的身份验证),则节点上会有一条路由“ http:// localhost:3000 / app / login ”,该路由会重定向到sso登录页面。
But if I tried to invoke the api from the frontend the I am getting the CORS issue as following: 但是,如果我尝试从前端调用api,则会收到CORS问题,如下所示:
Access to fetch at ' Here ' (redirected from ' http://localhost:3000/app ') from origin ' http://localhost:3001 ' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 对CORS策略阻止从原点“ http:// localhost:3001 ”访问“ 在这里 ”(从“ http:// localhost:3000 / app ”重定向)的访问已被禁止:无“ Access-Control-Allow-Origin”标头出现在请求的资源上。 If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
如果不透明的响应满足您的需求,请将请求的模式设置为“ no-cors”,以在禁用CORS的情况下获取资源。
I tried this solution also but no success. 我也尝试过此解决方案,但没有成功。
I got this error in web my web-application which uses express as framewok then I installed cors package available in npm cors node.js and used it in my server side script. 我在Web应用程序中使用express作为framewok的Web应用程序中出现此错误,然后我在npm cors node.js中安装了可用的cors包,并在服务器端脚本中使用了该错误。
var express = require('express') var cors = require('cors') var app = express() app.use(cors())
Seems to be you are getting the issue while trying to access the /samlsso. 似乎是您尝试访问/ samlsso时遇到问题。 To enable
org.apache.catalina.filters.CorsFilter
filter in repository/conf/tomcat/carbon/WEB-INF/web.xml
file, as mentioned in Tomcat documentation 如Tomcat 文档中所述,在
repository/conf/tomcat/carbon/WEB-INF/web.xml
文件中启用org.apache.catalina.filters.CorsFilter
过滤器
If you want to enable CORS headers for any other web app hosted in the Identity Server (such as /authenticationendpoint
or /oauth2
) you have to do the same in the web.xml files (in case of the authentication endpoint web application, the path is repository/deployment/server/webapps/authenticationendpoint/WEB-INF/web.xml
) of those web apps as well. 如果要为Identity Server中托管的任何其他Web应用程序启用CORS标头(例如
/authenticationendpoint
或/oauth2
),则必须在web.xml文件中执行相同操作(对于身份验证终结点Web应用程序,路径为也是这些Web应用程序的repository/deployment/server/webapps/authenticationendpoint/WEB-INF/web.xml
)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.