WebSocket is a protocol defined in RFC 6455.
It allows bi-directional communication on top of TCP. See diagram below.
The communication starts with an HTTP request from the client, asking for a connection upgrade to websocket. This request contains a challenge (the key).
The server response contains the answer to this challenge.
Then, if everything is successful, the communication continues on top of TCP. The client and server can send requests from both side.
You can protect your websocket application with the classic LemonLDAP::NG handler.
The handler is set up as an HTTP/TCP reverse-proxy in front of the websocket application.
You can configure the access rules and headers as usual.
Note
This scenario has been tested with Nginx.
Be careful of the following scenario :
The unprotected page must manage the 302 return code sent by the SSO portal