We have a microservice deployed on EKS with Traefik Ingress controller. We have Keycloak Gatekeeper as sidecar for authentication purpose. This setup works well.
We want to have websockets in our microservice. Now, the problem is that JavaScript cannot send Authroization header (or in fact any header) on WebSocket request. This causes gatekeeper to deny the request.
Is there any way to resolve this? Java keycloak adapter has the capability of reading access_token from query param and do the auth based on that. But this seems to be missing with gatekeeper
- Can somehow Traefik be used to read access_token from query params and put in Auth header.
- Is there any setting in gatekeeper for this? Can gatekeeper be enhanced somehow to handle such scenario?
