websocket traffic through traefik with forward auth


I have set up a local kind cluster with traefik 2.10.5 and the forward-auth middleware (https://github.com/mesosphere/traefik-forward-auth) which authenticates to a local Keycloak instance.

To be able to debug my web application, I also created an IngressRoute with traefik which routes to a service of type ExternalName which points to my localhost.
Browser -> Traefik (Kind) -> back to my host which has started a vite dev server.
This is just additional information.

My application creates a websocket tunnel with guacamole-js to our custom guacamole API (served with tomcat).
Routing and forward auth do work, but there are some issues.
The problems described below occur whether the tomcat server is in the cluster or running locally (and routed like the local web application).

  1. When I look at my traefik logs, I do see every HTTP request, including the one which initializes the websocket connection.
    But I don't see any sent websocket messages in the logs, despite them being received successfully.
  2. When I log out via Keycloak and then would reopen my web application, I would get redirected to Keycloak as expected.
    But when the websocket connection has been successfully created before logging out, it will happily send/receive messages regardless of whether the user is logged in or not.

Is this expected behavior or am I missing something?
Maybe for some reason, with my setup, it doesn't even get routed through traefik?

Can this even be solved with traefik and traefik-forward-auth?

Hope it's clear what I mean.

0

There are 0 best solutions below
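
Traefik's ForwardAuth middleware runs per HTTP request, so it sees the WebSocket upgrade request but not the frames relayed afterwards on the upgraded connection. As an added example that is not part of the original post or of any project it names, here is one way a backend can bind each tunnel to the session that authorized its handshake and close it on logout or expiry. `SessionBoundSockets`, `isSessionActive`, the session id and the socket's `close(code, reason)` method are assumptions for illustration.

```javascript
// Constructed sketch: tie each WebSocket to the session that passed forward
// auth on the upgrade request, and close it when that session ends.
const POLICY_VIOLATION = 1008; // RFC 6455 close code: policy violation

class SessionBoundSockets {
  constructor(isSessionActive) {
    this.isSessionActive = isSessionActive; // assumed async check against the IdP
    this.bySession = new Map();             // sessionId -> Set of open sockets
  }

  // Call once per connection, after the upgrade request was authorized.
  register(sessionId, socket) {
    if (!this.bySession.has(sessionId)) this.bySession.set(sessionId, new Set());
    this.bySession.get(sessionId).add(socket);
  }

  unregister(sessionId, socket) {
    const set = this.bySession.get(sessionId);
    if (!set) return;
    set.delete(socket);
    if (set.size === 0) this.bySession.delete(sessionId);
  }

  // Call from a logout notification handler: close every tunnel of the session.
  revoke(sessionId, reason = "session ended") {
    const set = this.bySession.get(sessionId) || new Set();
    for (const socket of set) socket.close(POLICY_VIOLATION, reason);
    this.bySession.delete(sessionId);
    return set.size; // number of tunnels closed
  }

  // Call on a timer: the proxy will not re-check an established connection.
  async sweep() {
    let closed = 0;
    for (const sessionId of [...this.bySession.keys()]) {
      if (await this.isSessionActive(sessionId)) continue;
      closed += this.revoke(sessionId, "session expired");
    }
    return closed;
  }

  // Optional per-message gate for tunnels that must not carry one stale frame.
  async allowMessage(sessionId, socket) {
    if (await this.isSessionActive(sessionId)) return true;
    socket.close(POLICY_VIOLATION, "session expired");
    this.unregister(sessionId, socket);
    return false;
  }
}
```

The registry has to live in the component that terminates the WebSocket, because that is the only place that still sees the connection after the handshake.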