@pitaj No, outside iframe everything is working.
Tested with and without *, also tried to write direct values / domains into fields. Each time the same result.
Also it looks that csrf token is sending in login request.
I suspect that problematic could be cookies, but can't find direct reason. That's why I'm asking for help.