Hi, i'm trying deployment BrowZer on GCP that configure with keycloak.
after deploy, i got the following error. Error to fetch. but i verify the fetch url is correct. Is it possible about CORS? or any other possible reason?
Hi @jason-webcomm, welcome to the community, to OpenZiti, and to Browzer!
This looks like the sorta thing we'll need @curt to scrutinize. It looks to me that things are setup properly. I see your wildcard domain is set to a CNAME -> A Record but that seems like it should be fine. I've only ever set it up a an A Record only, but it seems like what you did should be totally reasonable. Your certs are all valid and seem setup correctly too.
It sure look ok to me at a glance so we'll need Curt here. 
@woodwardjd if you look at the dev tools network trace, do you see a 401 on the request to https://ctrl.ziti.webcomm.com.tw:8441/edge/client/authenticate?method=ext-jwt ?
@curt tagged wrong jason
1 Like
@curt Hi after few test, if I open chrome on Incognito mode, that will show error fetch. when i open normal mode, that will show as below. there is no error message, but browser doesn't redirect to authentication page on keycloak.
Ahhh you're using KeyCloak. I don't know if we've ever successfully gotten that to work yet. The last time I had tried, the oidc endpoint for authorization is not at the same place as other endpoints.
@curt we don't claim to support KeyCloak yet, do we?
@woodwardjd Oops. Please forgive me 
So many Jasons. So little time.
1 Like
@jason-webcomm if you look at the dev tools network trace, do you see a 401 on the request to https://ctrl.ziti.webcomm.com.tw:8441/edge/client/authenticate?method=ext-jwt ?
@TheLumberjack I will admit to not having tested with KeyCloak yet. @jason-webcomm have you tried using a free Auth0 account yet?
@curt i review the ziti-browzer-runtime project, that depends on @auth0/auth0-spa-js. I will try to migrate it to keycloak.
That sounds amazing. If you get it working, do let us know what/how you did it! I'd love to try it.