Disable session-based, switch to token-based authentication in Zeppelin

95 views Asked by At

I integrate Apache Zeppelin with Keycloak and use the pac4j library for OIDC authentication. Each time I call an API, such as creating a new interpreter in a notebook, it goes with the Cookie: JSESSIONID in the header request. I'm trying to remove or disable that JSESSIONID to switch to using token authentication provided by Keycloak. I've tried to research, but it seems hopeless. I want to ask:

1. When and where is JSESSIONID created?
2. Is disabling it a good choice?
3. I'm still struggling to understand its authentication flow. Can someone explain?

If I know where JSESSIONID is created and where it is processed in Pac4j or Keycloak (if it is), I will know how to disable it, or at least I can use a token to authenticate without touching JSESSIONID.

Thanks in advance!

I want to call APIs interact with Zeppelin with only token.

0

There are 0 answers