Is there any way to establish a session with a client (a webapp with
browser-enabled authn, not a Bearer type) via XMLHttpRequest?

I have a central webapp which provides access to other services (RESTful).
The problem is that when I log in to the central app I establish a session
with a jsessionid connected to it. That works fine until I try to access
other services. I have a front end as a single page (ExtJS) which issues
XMLHttpRequests to a service (a separate web app on the same server). By
the time I log in to the central app the browser has its jsessionid, but to
access another service, I need to establish another session and Keycloak
has to generate another jsessionid for me to access this service. And I
can't get it, supposedly because it is an XMLHttpRequest, not an
HttpRequest.

For example, for this request (with the jsessionid of the central webapp):

GET /rest/test HTTP/1.1
Host: localhost:8080
*X-Requested-With: XMLHttpRequest*
Cookie: JSESSIONID=XAVXi...
Connection: keep-alive

The response is (I omitted some unimportant headers):

*HTTP/1.1 401 Unauthorized*
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Powered-By: Undertow/1
Server: WildFly/9
Pragma: no-cache
Connection: keep-alive
*WWW-Authenticate: Bearer realm="Unknown"*

And when I change the request to generic HTTP, I get the correct jsessionid
and can access my REST service.