P3P Headers missing in SSO URL
Cantor, Scott
cantor.2 at osu.edu
Wed Nov 28 00:34:33 EST 2012
On 11/28/12 12:23 AM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>
>>
>>We are able to detect the P3P headers in all pages in the website except
>>for the ones that are related to Shibboleth -
>>https://[our domain]/Shibboleth.sso/SAML2/POST itself and the configured
>>error pages.
>
>I just verified that behavior, please file a bug.
Actually, don't, this is actually your mistake. See the docs on the Header
command. Handlers in the SP that are generating redirects are returning
non-200 status responses, which means you need to override the default
"condition" of "onsuccess" in the Header command to "always".
Header always set ...
That worked fine for me. Still won't make frames work, but others have
reported this Header issue before, and never followed up, so at least
that's answered.
-- Scott
More information about the users
mailing list