Your OPTIONS request is not sending any authentication header with the ticket that I can see. So even though you have authenticated before, this call is again unauthenticated and thus a 403 is expected.
How to resolve this error? Anything needs to be changed in ADF side? I have similar configuration in my ACS. I have allowed CORS with given filters. Still I'm getting 403 error. When I put cors.allowed.origin=*, I'm able to login. But, with specific IP/host, I'm getting 403.
A list oforiginsthat are allowed to access the resource. A*can be specified to enable access to resource from any origin. Otherwise, an allow list of comma separated origins can be provided. Eg:https://www.w3.org, https://www.apache.org.Defaults:The empty String. (No origin is allowed to access the resource).