/
CORS support - SSO
CORS support - SSO
- Former user (Deleted)
Owned by Former user (Deleted)
2022-10-24
Analytics
Loading data...
SSO Server
CORS with credentials enabled
As of Identity Server 8.3.2 any resources that are shared across origins and require to authenticate the user are disabled by default as their allowed origins are required to be declared explicitly..
- Access-Control-Allow-Credentials: true
- Access-Control-Allow-Methods: GET, POST
- Access-Control-Allow-Origin: https://www.example.com
| Endpoint | Description |
|---|---|
/uas/refresh/* | The session refresh endpoint |
CORS enabled
- Access-Control-Allow-Methods: GET, POST
- Access-Control-Allow-Origin: *
| Endpoint | Description |
|---|---|
/uas/saml2/metadata.xml /uas/wsf/FederationMetadata.xml /uas/.well-known/* | Metadata endpoints for SAML 2.0, WS-Federation, OAuth 2.0 and OpenID Connect 1.0 |
/uas/discovery/* | Discovery and Template API |
/uas/status | Status endpoints |
/uas/oauth2/token | OAuth 2.0 and OpenID Connect 1.0 protocol endpoints Cannot use client_secret_basic client credentials, other client credentials types are possible Authorization endpoint is not CORS enabled |
CORS disabled
For any other SSO Server endpoints, all CORS requests are blocked.
Password
All CORS requests are blocked.
Management Console
All CORS requests are blocked.
References
Related content
Configuring CORS with credentials - SSO
Configuring CORS with credentials - SSO
Read with this
CORS support - SSO
CORS support - SSO
More like this
Configuring CORS with credentials - SSO
Configuring CORS with credentials - SSO
Read with this
CORS support - SSO
CORS support - SSO
More like this
CORS support - SSO
CORS support - SSO
More like this
CORS support - SSO
CORS support - SSO
More like this
This web page (including any attachments) may contain confidential, proprietary, or privileged information – not for disclosure without authorization from Ubisecure Inc. Copyright © 2025. All Rights Reserved.