[keycloak-user] keycloak.js: sending cookies with keycloak.updateToken()?
Stian Thorgersen
sthorger at redhat.com
Mon Aug 29 06:45:11 EDT 2016
Seems OK to me
On 26 August 2016 at 17:48, Michael Clayton <mclayton at redhat.com> wrote:
> Hi all,
>
> We have multiple keycloak nodes clustered behind a load balancer. On
> first request, the load balancer sticks users to a node by handing a
> cookie to the browser. Currently, when keycloak.js sends the
> updateToken() POST to the load balancer, it's a cross-origin call and
> thus the browser omits cookies. As a result, the load balancer doesn't
> know which keycloak node to route the request to.
>
> Here's my patch:
>
> https://github.com/mwcz/keycloak/commit/ec5289b5c8e6a8378167d4f14da682
> ef3a7ac344
>
> By setting withCredentials = true, the browser will send cookies to our
> keycloak load balancer so we can be routed properly.
>
> I would be surprised if this was desired behavior in *all* cases, so a
> blanket "always send cookies". I'd be happy to create alternate patch
> where a configuration parameter dictates whether to send cookies.
>
> Thoughts/warnings/alternatives/pitfalls?
>
> Thanks!
>
> --
> Michael Clayton
> Senior Software Engineer
> Red Hat Customer Portal
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160829/d82bc23f/attachment.html
More information about the keycloak-user
mailing list