iframe in the IdP 4.0.0 issue
Michael Grady
mgrady at unicon.net
Sat Jul 11 18:14:54 UTC 2020
> On Jul 11, 2020, at 11:47 AM, XiaoXia Dong <x-dong at northwestern.edu> wrote:
>
> Hello,
>
> We have a production issue after our upgrade to Shibboleth IdP 4.0.0. One of our applications could not be loaded properly from an iframe. We need to figure out how to allow the IdP to load in an iframe for an application.
>
> Does anyone have a solution for this? Your help is greatly appreciated. Thanks
>
What did you have before for these properties in idp.properties? You must have set the following to something else (null, i.e. no value) for iFrames to work in IdP 3.4.x.
# X-Frame-Options value, set to DENY or SAMEORIGIN to block framing
#idp.frameoptions = DENY
# Content-Security-Policy value, set to match X-Frame-Options default
#idp.csp = frame-ancestors 'none';
And IdPv4 adds the following:
https://wiki.shibboleth.net/confluence/display/IDP4/Cross-Site+Request+Forgery+%28CSRF%29+Protection
--
Michael A. Grady
IAM Architect, Unicon, Inc.
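
Added example (not part of the original message, and not Shibboleth code): a Python check that evaluates the X-Frame-Options and Content-Security-Policy frame-ancestors values discussed above against an embedding application's origin, so the effect of a change to idp.frameoptions or idp.csp can be confirmed from the response headers. The host names are constructed; as simplifications, only the direct parent frame is considered and port wildcards are not handled.

```python
from urllib.parse import urlsplit

IDP = "https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"  # constructed
APP = "https://app.example.edu/portal"                          # constructed

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(), u.port or {"http": 80, "https": 443}.get(scheme))

def source_matches(source, parent, self_origin):
    """Match one frame-ancestors source expression against the parent origin."""
    if source.startswith("'"):            # keyword: 'self' or 'none'
        return source == "'self'" and parent == self_origin
    if source == "*":
        return True
    if source.endswith(":"):              # scheme-source such as "https:"
        return source[:-1].lower() == parent[0]
    if "://" not in source:               # scheme-less host: assume the parent's scheme
        source = parent[0] + "://" + source
    scheme, host, port = origin(source)
    if (scheme, port) != (parent[0], parent[2]):
        return False
    if host.startswith("*."):             # wildcard covers subdomains only
        return parent[1].endswith(host[1:])
    return host == parent[1]

def frame_ancestors(csp):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in (csp or "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def framing_allowed(headers, page_url, parent_url):
    """True if a browser would render page_url inside a frame on parent_url."""
    h = {k.lower(): v for k, v in headers.items()}
    me, parent = origin(page_url), origin(parent_url)
    sources = frame_ancestors(h.get("content-security-policy"))
    if sources is not None:               # frame-ancestors overrides X-Frame-Options
        return any(source_matches(s, parent, me) for s in sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return parent == me
    return True                           # neither header restricts framing
```

A frame-ancestors list that names only the embedding application keeps framing blocked for every other origin, which clearing both headers does not.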