<div dir="ltr"><div><div>No more actual.<br></div>I fixed it by using bearer type auth instead of confidential.<br></div>I generated token and set its value to front-end ExtJs.<br><div><div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-02-09 18:25 GMT+03:00 Andrey Saroul <span dir="ltr"><<a href="mailto:andrey.saroul@gmail.com" target="_blank">andrey.saroul@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Is there any way to establish session with client (webapp with browser enabled authn, not a Bearer type) by XMLHttpRequest?<br></div><div>I have central webapp which provide access to other services (restful). The problem is that when I login into central app I establish session with jsessionid connected to it. That works fine until I try to access other services. I have front-end as a single page (ExtJS) which issue XMLHttpRequest to service (separate web app in the same server). By the time I login into central app browser has its jsessionid, but to access other service, I need to establish another session and keycloak has to generate another jsessionid for me to access this service. And I can't get it supposedly because of XMLHttpRequest not a HttpRequest.<br></div><br></div>For example, for this request (with jsessionid of central webapp): <br>GET /rest/test HTTP/1.1<br>Host: localhost:8080<br><b>X-Requested-With: XMLHttpRequest</b><br>Cookie: JSESSIONID=XAVXi...<br>Connection: keep-alive<br><br></div>Response is (I ommited some unimportant headers): <br><b>HTTP/1.1 401 Unauthorized</b><br>Expires: 0<br>Cache-Control: no-cache, no-store, max-age=0, must-revalidate<br>X-Powered-By: Undertow/1<br>Server: WildFly/9<br>Pragma: no-cache<br>Connection: keep-alive<br><b>WWW-Authenticate: Bearer realm="Unknown"<br><br></b></div>And when I change request to generic http, I got correct jsessionid and can access my rest service.<br></div>
</blockquote></div><br></div></div></div></div></div></div>