It doesn't look like you can send any header with the HTTP Upgrade
request done by the browser. It could be done by sending the token with
the WebSocket connect URL as a query param. This would have to be a
one-off highly constrained token though.
On 1/16/2015 12:26 PM, Pedro Igor Silva wrote:
Some time ago Shane and I were investigating WebSocket security using
PicketLink [1] and JEE. Especially when using CDI [2].
Some references:
[1] https://issues.jboss.org/browse/PLINK-628
[2] https://issues.jboss.org/browse/CDI-370
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, January 16, 2015 2:42:13 PM
Subject: Re: [keycloak-dev] WebSocket integration
Single page app would work with cookie and server side adapter. I don't
know how it would work with javascript. You'd have to send the token
with the HTTP Upgrade request.
On 1/16/2015 11:31 AM, Juraci Paixão Kröhling wrote:
> All,
>
> I'm investigating the possibility of protecting a WebSocket endpoint
> with Keycloak and I found out that it works out of the box with
> cookie-based authentication, meaning, the web page that opens the web
> socket client should itself be protected, so that the cookie is sent
> on the WebSocket request and authentication is made (confidential).
>
> In my target scenario, however, the web page is a single-page app
> (public) talking with a backend (bearer-only) in another host.
>
> So, I'd like to know if there's anything planned on the WebSockets
> front for such scenario. For instance, a JavaScript utility that
> handles the setup of the socket (either with a custom protocol, or an
> initial message with the bearer token, or another alternative) and a
> server counterpart for this.
>
> If there isn't yet, I'll probably have some time to explore this.
>
> - - Juca.
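The one-off, highly constrained token in the WebSocket connect URL that the first message of this thread suggests could look like the sketch below. It is an added example, not code from the thread or from Keycloak; the names `issueTicket`, `redeemTicket`, the `ticket` query parameter, the 30-second lifetime and the in-memory store are all assumptions made for illustration.

```javascript
// Added example (Node.js): single-use ticket for the WebSocket connect URL.
// The real bearer token never goes into the URL; only this ticket does, because
// query strings end up in access logs and proxy logs.
const crypto = require('node:crypto');

const TICKET_TTL_MS = 30_000;   // assumption: long enough to open the socket, no longer
const tickets = new Map();      // sha256(ticket) -> { subject, origin, path, expires }

// Store only a digest so a dump of the map does not reveal usable tickets.
const digest = (t) => crypto.createHash('sha256').update(t).digest('hex');

// Called from a normal HTTPS endpoint AFTER the bearer token in the
// Authorization header has been validated; `subject` comes from that token.
function issueTicket(subject, origin, path, now = Date.now()) {
  const ticket = crypto.randomBytes(32).toString('base64url');
  tickets.set(digest(ticket), { subject, origin, path, expires: now + TICKET_TTL_MS });
  return ticket;
}

// Called in the HTTP Upgrade handler with the request URL and Origin header.
// Returns the authenticated subject, or null if the upgrade must be refused.
function redeemTicket(requestUrl, originHeader, now = Date.now()) {
  const url = new URL(requestUrl, 'wss://placeholder.invalid'); // base only for parsing
  const ticket = url.searchParams.get('ticket');
  if (!ticket) return null;

  const key = digest(ticket);
  const entry = tickets.get(key);
  tickets.delete(key);          // one-off: consumed even if a later check fails
  if (!entry) return null;      // unknown or already used

  if (now > entry.expires) return null;             // too old
  if (entry.origin !== originHeader) return null;   // issued to a different web origin
  if (entry.path !== url.pathname) return null;     // issued for a different endpoint
  return entry.subject;
}

// Browser side (constructed URL):
//   new WebSocket('wss://backend.example/ws?ticket=' + ticket)
```
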