I have a question about the “Access-Control-Allow-Origin” header.
We are doing a POC for one of our customers in an AWS environment.
We have created a SiteMinder domain to protect a dummy page on the SPS server.
When accessing http://one.customer.com/benchmark from my laptop browser (I have entries in my hosts file to point to one.customer.com), I can see the login.fcc page.
I am seeing a different domain, ag.customer.com, here because this is mentioned in the authentication scheme.
Upon logging in with the correct username and password, I could see
URL is not found because it does not exist, and SMSESSION is generated which confirms successful authentication and authorization.
Now we are trying to use the login page (hosted on the Spring Boot framework) from the client application, which is outside the AWS environment, to POST to login.fcc.
The flow is: the client will access the login page (hosted on the app server) directly, with hardcoded values as below, populate the username and password, and post it to login.fcc.
Query Parameters:
TYPE=33554433
REALMOID=06-00084fe4-26b7-1a2a-90a5-03d2ac1f5a5a
GUID=
SMAUTHREASON=0
METHOD=GET
SMAGENTNAME=-SM-EUYsTjM%2bZK27tzRuPeJzwyYzmDMrDIw6VJ0obD3GvIivvWdrY4vbfwTt01CGKMbU
TARGET=-SM-http%3a%2f%2fone%2ecustomer%2ecom%2fbenchmark
Form Data:
'USER' : 'agadmin@customer.com',
'PASSWORD' : 'Mindtree@123',
'SMENC' : 'UTF-8',
'SMLOCALE': 'US-EN',
'target' : 'http://one.customer.com/benchmark',
'smquerydata' : '',
'smauthreason' : '0',
'smagentname' : '-SM-EUYsTjM+ZK27tzRuPeJzwyYzmDMrDIw6VJ0obD3GvIivvWdrY4vbfwTt01CGKMbU',
'postpreservationdata' : ''
We are seeing an issue with the “Access-Control-Allow-Origin” header.
We can see the below header from the browser:
Also, the client showed me the below code snippet, where “Access-Control-Allow-Origin” is added to the header with the ‘*’ value.
Based on this, we are clear that the “Access-Control-Allow-Origin” header is added in the request.
But we are not sure why we are still getting this.
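
The browser-side checks that apply to a cross-origin POST to login.fcc, as an added example that is not part of the original post: it models, in simplified form, when a preflight is sent and how the CORS check reads the response headers. The origin https://app.client.example and all header sets are assumptions constructed for illustration.

```javascript
// Added example: simplified model of two browser decisions from the Fetch
// standard. Origins and header values below are constructed, not from the post.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// True when the browser sends a preflight OPTIONS before the real request:
// the method or any author-set request header is not CORS-safelisted.
// (Simplified: the standard also limits safelisted header values.)
function needsPreflight(method, requestHeaders) {
  if (!SAFE_METHODS.has(method.toUpperCase())) return true;
  return Object.entries(requestHeaders).some(([name, value]) => {
    const n = name.toLowerCase();
    if (!SAFE_HEADERS.has(n)) return true;
    if (n !== "content-type") return false;
    return !SAFE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase());
  });
}

// The CORS check: the browser evaluates the headers of the *response* it got
// from the target server against the origin of the page that made the request.
function corsCheck(requestOrigin, withCredentials, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) return "blocked: response has no Access-Control-Allow-Origin";
  if (!withCredentials && allowOrigin === "*") return "allowed";
  if (allowOrigin !== requestOrigin) {
    return allowOrigin === "*"
      ? "blocked: wildcard is not accepted for a credentialed request"
      : "blocked: Access-Control-Allow-Origin does not match the request origin";
  }
  if (!withCredentials) return "allowed";
  return h["access-control-allow-credentials"] === "true"
    ? "allowed"
    : "blocked: Access-Control-Allow-Credentials is not 'true'";
}

const APP_ORIGIN = "https://app.client.example"; // hypothetical origin of the login page
const form = { "Content-Type": "application/x-www-form-urlencoded" };
console.log(needsPreflight("POST", form));
console.log(needsPreflight("POST", { ...form, "Access-Control-Allow-Origin": "*" }));
console.log(corsCheck(APP_ORIGIN, false, {}));
console.log(corsCheck(APP_ORIGIN, true, { "Access-Control-Allow-Origin": "*" }));
console.log(corsCheck(APP_ORIGIN, true, {
  "Access-Control-Allow-Origin": APP_ORIGIN, "Access-Control-Allow-Credentials": "true",
}));
```
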