Configuring CORS for FAPI
FAPI clients make their requests through PingGateway. This includes requests to authenticate end users in the process of getting an ID token. The end user authenticates through the PingOne Advanced Identity Cloud end-user UI. End-user authentication involves a cross-domain request from the PingGateway domain to the PingOne Advanced Identity Cloud domain.
Cross-origin resource sharing (CORS) lets user-agents make cross-domain server requests. Follow these steps to allow cross-domain requests from PingGateway to PingOne Advanced Identity Cloud:
- Sign on to the Advanced Identity Cloud admin UI as an administrator.
- Create a custom CORS configuration with the following settings.
  CORS configurations apply for all tenant realms.

  Setting | Use
  Name | FAPI
  Accepted Origins | The PingGateway endpoint, such as https://gateway.example.com:8443
  Accepted Methods | DELETE, FETCH, GET, OPTIONS, PATCH, POST, PUT
  Accepted Headers | The Cookie name for your tenant (iPlanetDirectoryPro by default for self-hosted AM), accept-api-version, accept-encoding, accept-language, accept, authority, authorization, content-type, cookie, method, path, referer, scheme, sec-ch-ua-mobile, sec-ch-ua-platform, sec-ch-ua, sec-fetch-dest, sec-fetch-mode, sec-fetch-site, sec-fetch-user, upgrade-insecure-requests, user-agent, x-forgerock-transactionid, x-requested-with
  Exposed Headers (under Show advanced settings) | access-control-allow-origin, cache-control, content-api-version, content-language, content-length, content-type, date, etag, expires, last-modified, pragma, set-cookie, strict-transport-security, x-content-type-options, x-forgerock-transactionid, x-frame-options
- Click Save CORS Configuration.
You have successfully configured CORS for FAPI.
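To confirm the configuration behaves as intended, you can compare the headers of a preflight (OPTIONS) response from the tenant against the settings above. The following check is an added example, not part of the product documentation; the function name `check_preflight` and the sample responses are constructed for illustration, and the origin is the sample gateway URL from the settings.

```python
"""Check a CORS preflight response against the FAPI settings on this page."""

# Sample gateway origin from the "Accepted Origins" setting above.
GATEWAY_ORIGIN = "https://gateway.example.com:8443"

# Constructed sample responses (not captured from a real tenant).
SAMPLE_OK = {
    "Access-Control-Allow-Origin": "https://gateway.example.com:8443",
    "Access-Control-Allow-Methods": "DELETE,FETCH,GET,OPTIONS,PATCH,POST,PUT",
    "Access-Control-Allow-Headers": "accept-api-version,authorization,content-type",
}
SAMPLE_BAD = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET",
    "Access-Control-Allow-Headers": "content-type",
}


def _csv(value):
    """Split a comma-separated header value into a set of lowercase tokens."""
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}


def check_preflight(resp_headers, origin, method, request_headers):
    """Return a list of problems in a preflight response (empty list = OK).

    resp_headers: mapping of response header name -> value (any case).
    origin, method, request_headers: what the browser sent in Origin,
    Access-Control-Request-Method and Access-Control-Request-Headers.
    """
    h = {k.lower(): v for k, v in resp_headers.items()}
    problems = []

    allow_origin = h.get("access-control-allow-origin")
    if allow_origin is None:
        problems.append("no Access-Control-Allow-Origin: origin not accepted")
    elif allow_origin == "*":
        # The configuration names one origin; a wildcard does not match it.
        problems.append("wildcard origin returned; expected the gateway origin")
    elif allow_origin != origin:
        problems.append(f"origin mismatch: {allow_origin!r} != {origin!r}")

    if method.lower() not in _csv(h.get("access-control-allow-methods")):
        problems.append(f"method {method} not in Access-Control-Allow-Methods")

    # Header names are compared literally, case-insensitively.
    allowed = _csv(h.get("access-control-allow-headers"))
    missing = _csv(",".join(request_headers)) - allowed
    if missing:
        problems.append("headers not allowed: " + ", ".join(sorted(missing)))
    return problems
```

An empty list means the response is consistent with the FAPI CORS configuration for that origin, method and set of request headers.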