Cross-origin resource sharing (CORS) lets user agents make cross-domain server requests. In AM, you can configure CORS to allow browsers from trusted domains to access AM-protected resources. For example, you might want a custom web application running on your own domain to get an end-user’s profile information using the AM REST API.
When trying out the ForgeRock SDKs, you run sample applications locally using a DNS alias, such as sdkapp.example.com. You need to add accepted origin domains to the configuration based on the DNS alias you give to your apps.
To enable CORS in AM, and create a CORS filter to allow requests from your configured domain names, follow these steps:
Log in to the AM admin UI as an administrator.
Navigate to Configure > Global Services > CORS Service > Configuration, and set the Enable the CORS filter property to
If this property is not enabled, CORS headers are not added to responses from AM, and CORS is disabled entirely.
On the Secondary Configurations tab, click Add a Secondary Configuration.
In the Name field, enter
In the Accepted Origins field, enter any DNS aliases you use for your SDK apps.
This documentation assumes the following configuration:
AM displays the configuration of your new CORS filter.
On the CORS filter configuration page:
Figure 1. Example of the completed ForgeRock SDK CORS filter
Ensure Enable the CORS filter is enabled.
Set the Max Age property to
Ensure Allow Credentials is enabled.
Click Save Changes.
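The Accepted Origins, Allow Credentials and Max Age settings reach the browser as the standard CORS response headers on a preflight (OPTIONS) response. The check below is an added example, not ForgeRock code or part of the original documentation; the function name, the origin's scheme and port, the sample responses and the Max-Age value are constructed for illustration.

```javascript
// Added example, not ForgeRock code. Header names are the standard CORS
// response headers; origins, sample responses and values are constructed.

// Return a list of problems found in the headers of a preflight (OPTIONS)
// response, for a browser app served from `origin` that sends credentials.
function checkPreflight(headers, origin) {
  // HTTP header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const problems = [];
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    // No CORS headers are added when the filter is disabled.
    problems.push("no Access-Control-Allow-Origin: filter disabled or origin not accepted");
  } else if (allowOrigin === "*") {
    // Browsers refuse a wildcard origin on requests that carry credentials.
    problems.push("wildcard origin cannot be used with credentials");
  } else if (allowOrigin !== origin) {
    // The value must match the app's origin exactly: scheme, host and port.
    problems.push(`origin mismatch: got ${allowOrigin}, expected ${origin}`);
  }
  if (h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials is not true");
  }
  if (!/^\d+$/.test(h["access-control-max-age"] || "")) {
    problems.push("Access-Control-Max-Age missing or not an integer");
  }
  return problems;
}

// Constructed sample data: scheme, port and Max-Age value are assumptions.
const APP_ORIGIN = "https://sdkapp.example.com:8443";
const goodResponse = {
  "Access-Control-Allow-Origin": APP_ORIGIN,
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Max-Age": "600",
};
const wildcardResponse = { "access-control-allow-origin": "*" };

console.log(checkPreflight(goodResponse, APP_ORIGIN));
console.log(checkPreflight(wildcardResponse, APP_ORIGIN));
console.log(checkPreflight({}, APP_ORIGIN));
```

Pass it the response headers captured from the browser's network panel for the OPTIONS request your SDK app sends to AM.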