OIDC problem after 4.5.3 -> No 'Access-Control-Allow-Origin' from userinfo endpoint
Just patched to 4.5.3...
After that, the Userinfo endpoint is not replying with an 'Access-Control-Allow-Origin' header...
Keys and Token endpoint seems to reply with Access-Control-Allow-Origin....
Anyone seen this?
Problem solved !
I had included the SAML token in the accesstoken and that made det request exceed the max headersize in apache / tomcat.
When changing to
LimitRequestFieldSize 32768 (Access Gateway)
The request gave a response with an Access-Control-Allow-Origin header.