[keycloak-dev] redirects vs. javascript logins

To do SSO, keycloak server sets a session cookie so that the user doesn't have to relogin if the cookie is set. This will have issues with the custom login, like the way the Event Juggler app works. Correct me if I'm wrong, but for Event Juggler, the login page is hosted at the Event Juggler website? And the app would do an HTTP invocation to obtain the token, correct? The problem with this approach is that we wouldn't be able to set the login session cookie as all cookies will be HttpOnly and not accessible via javascript (due to security issues). So, SSO would not work, and the user would have to relogin for each additional site they visited. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com