Hi all,
We have multiple keycloak nodes clustered behind a load balancer. On
first request, the load balancer sticks users to a node by handing a
cookie to the browser. Currently, when keycloak.js sends the
updateToken() POST to the load balancer, it's a cross-origin call and
thus the browser omits cookies. As a result, the load balancer doesn't
know which keycloak node to route the request to.
Here's my patch:
https://github.com/mwcz/keycloak/commit/ec5289b5c8e6a8378167d4f14da682ef3...
By setting withCredentials = true, the browser will send cookies to our
keycloak load balancer so we can be routed properly.
I would be surprised if this was desired behavior in *all* cases, so a
blanket "always send cookies". I'd be happy to create an alternate patch
where a configuration parameter dictates whether to send cookies.
Thoughts/warnings/alternatives/pitfalls?
Thanks!
--
Michael Clayton
Senior Software Engineer
Red Hat Customer Portal
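
On the pitfalls question, an added example (not part of the original message, the linked patch, or keycloak.js): once `withCredentials = true` is set, the browser applies the stricter credentialed form of the CORS check to the response, so the load balancer or Keycloak node must answer with an exact origin and `Access-Control-Allow-Credentials: true`. The function name, origins and sample responses below are constructed for illustration.

```javascript
// Added example: mirrors the CORS check from the Fetch specification that a
// browser applies to the response of a cross-origin XHR. The header names are
// real; corsCheck, the origins and the sample responses are constructed.
function corsCheck(requestOrigin, withCredentials, headers) {
  // HTTP header names are case-insensitive, so normalize the keys first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = value;
  }
  const allowOrigin = h['access-control-allow-origin'];
  const allowCreds = h['access-control-allow-credentials'];

  if (allowOrigin === undefined) {
    return { ok: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  // A wildcard is only honoured when no credentials (cookies) are sent.
  if (!withCredentials && allowOrigin === '*') {
    return { ok: true, reason: 'wildcard accepted without credentials' };
  }
  if (allowOrigin !== requestOrigin) {
    const reason = allowOrigin === '*'
      ? 'wildcard origin is rejected for credentialed requests'
      : 'origin mismatch';
    return { ok: false, reason };
  }
  if (!withCredentials) {
    return { ok: true, reason: 'origin matches' };
  }
  // The value is compared case-sensitively: "True" or "TRUE" fails.
  if (allowCreds !== 'true') {
    return { ok: false, reason: 'Access-Control-Allow-Credentials must be "true"' };
  }
  return { ok: true, reason: 'origin matches and credentials allowed' };
}

// Constructed sample: a page on app.example.com refreshing its token.
const origin = 'https://app.example.com';
const wildcard = { 'Access-Control-Allow-Origin': '*' };
const strict = {
  'Access-Control-Allow-Origin': origin,
  'Access-Control-Allow-Credentials': 'true',
};
console.log(corsCheck(origin, false, wildcard)); // works before the change
console.log(corsCheck(origin, true, wildcard));  // fails once cookies are sent
console.log(corsCheck(origin, true, strict));    // what the server must send
```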