<div dir="ltr">Seems OK to me</div><div class="gmail_extra"><br><div class="gmail_quote">On 26 August 2016 at 17:48, Michael Clayton <span dir="ltr"><<a href="mailto:mclayton@redhat.com" target="_blank">mclayton@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
We have multiple keycloak nodes clustered behind a load balancer. On<br>
first request, the load balancer sticks users to a node by handing a<br>
cookie to the browser. Currently, when keycloak.js sends the<br>
updateToken() POST to the load balancer, it's a cross-origin call and<br>
thus the browser omits cookies. As a result, the load balancer doesn't<br>
know which keycloak node to route the request to.<br>
<br>
Here's my patch:<br>
<br>
<a href="https://github.com/mwcz/keycloak/commit/ec5289b5c8e6a8378167d4f14da682ef3a7ac344" rel="noreferrer" target="_blank">https://github.com/mwcz/<wbr>keycloak/commit/<wbr>ec5289b5c8e6a8378167d4f14da682<wbr>ef3a7ac344</a><br>
<br>
By setting withCredentials = true, the browser will send cookies to our<br>
keycloak load balancer so we can be routed properly.<br>
<br>
I would be surprised if this was desired behavior in *all* cases, so a<br>
blanket "always send cookies". I'd be happy to create alternate patch<br>
where a configuration parameter dictates whether to send cookies.<br>
<br>
Thoughts/warnings/<wbr>alternatives/pitfalls?<br>
<br>
Thanks!<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Michael Clayton<br>
Senior Software Engineer<br>
Red Hat Customer Portal<br>
______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br>
</font></span></blockquote></div><br></div>