I integrate Apache Zeppelin with Keycloak and use the pac4j library for OIDC authentication. Each time I call an API, such as creating a new interpreter in a notebook, it goes with the Cookie: JSESSIONID in the header request. I'm trying to remove or disable that JSESSIONID to switch to using token authentication provided by Keycloak. I've tried to research, but it seems hopeless. I want to ask:
1. When and where is JSESSIONID created?
2. Is disabling it a good choice?
3. I'm still struggling to understand its authentication flow. Can someone explain?
If I know where JSESSIONID is created and where it is processed in Pac4j or Keycloak (if it is), I will know how to disable it, or at least I can use a token to authenticate without touching JSESSIONID.
Thanks in advance!
I want to call APIs interact with Zeppelin with only token.