CORS support - SSO
SSO Server
CORS with credentials enabled
- Access-Control-Allow-Credentials: true
- Access-Control-Allow-Methods: GET, POST
- Access-Control-Allow-Origin: *
Endpoint | Description |
---|---|
/uas/refresh/* | The session refresh endpoint |
CORS enabled
- Access-Control-Allow-Methods: GET, POST
- Access-Control-Allow-Origin: *
Endpoint | Description |
---|---|
/uas/saml2/metadata.xml /uas/wsf/FederationMetadata.xml /uas/.well-known/* | Metadata endpoints for SAML 2.0, WS-Federation, OAuth 2.0 and OpenID Connect 1.0 |
/uas/discovery/* | Discovery and Template API |
/uas/status | Status endpoints |
/uas/oauth2/token | OAuth 2.0 and OpenID Connect 1.0 protocol endpoints Cannot use client_secret_basic client credentials, other client credentials types are possible Authorization endpoint is not CORS enabled |
CORS disabled
For any other SSO Server endpoints, all CORS requests are blocked.
Password
All CORS requests are blocked.
Management Console
All CORS requests are blocked.