Logout notifications always red X (failed)

Petr Hroudný petr.hroudny at gmail.com
Thu Aug 12 09:08:26 UTC 2021


The problem was caused by jetty-9.4.43.v20210629, which in
etc/jetty-rewrite.xml unconditionally sets:

*X-Frame-Options*: DENY

Shibboleth correctly omits X-Frame-Options on SLO pages and follows
idp.frameoptions setting on SSO pages, so after modification of
jetty-rewrite.xml SLO works as expected.

Regards, Petr




Thu, 12 Aug 2021 at 10:43, Petr Hroudný <petr.hroudny at gmail.com> wrote:

> Wed, 11 Aug 2021 at 23:35, Cantor, Scott <cantor.2 at osu.edu> wrote:
>
>>
>> The reporting is very difficult to debug but a look at a javascript
>> console might reveal an incompatibility of some kind.
>>
>> Getting a peek at the HTML coming back in the frames is the only other
>> way to really gauge what might be happening.
>>
>
> The console revealed this:
>
> The loading of “https://........../idp/profile/SAML2/Redirect/SLO?SAMLResponse=.....
> in a frame is denied by “X-Frame-Options“ directive set to “DENY“.
>
> Tried to set idp.frameoptions to SAMEORIGIN or empty, but it's apparently
> buggy:
>
> - during SSO, it produces:
>
> *X-Frame-Options*: DENY, SAMEORIGIN
>
> - during SLO, idp.frameoptions is completely ignored, and DENY is
> hardcoded at some other place:
>
> *X-Frame-Options*: DENY
>
> Thanks, Petr
>
>
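
An added example, not part of the original thread and not Shibboleth or Jetty code: a small checker that takes captured response headers (for instance from `curl -sI`) and reports whether X-Frame-Options would block the frame load, covering the three cases described above. The function names and sample responses are constructed for illustration, the rule for conflicting values follows the HTML Standard, and CSP `frame-ancestors` is not considered.

```python
# Added example: judge captured response headers on X-Frame-Options alone.
# All sample responses below are constructed, not taken from a real IdP.
KNOWN = {"deny", "sameorigin", "allowall"}

def xfo_values(raw_headers):
    """Return the set of X-Frame-Options tokens across all header lines."""
    values = set()
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            values.update(v.strip().lower() for v in value.split(",") if v.strip())
    return values

def framing_verdict(raw_headers, same_origin_parent):
    """Return 'allowed' or 'blocked' for loading this response in a frame."""
    values = xfo_values(raw_headers)
    if len(values) > 1:
        # Assumption: conflicting known values fail closed (HTML Standard rule).
        return "blocked" if values & KNOWN else "allowed"
    if values == {"deny"}:
        return "blocked"
    if values == {"sameorigin"}:
        return "allowed" if same_origin_parent else "blocked"
    return "allowed"  # header omitted or value not recognised

# Container adds DENY to an SLO page that the application left without the header.
SLO_CONTAINER_DENY = "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nContent-Type: text/html\r\n"
# Container and application both set the header on an SSO page.
SSO_MERGED = "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY, SAMEORIGIN\r\n"
SSO_TWO_LINES = "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nx-frame-options: SAMEORIGIN\r\n"
# SLO page once the container no longer forces the header.
SLO_HEADER_OMITTED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"

def report():
    """Verdicts for the constructed samples, assuming a same-origin parent page."""
    samples = {
        "slo_container_deny": SLO_CONTAINER_DENY,
        "sso_merged": SSO_MERGED,
        "sso_two_lines": SSO_TWO_LINES,
        "slo_header_omitted": SLO_HEADER_OMITTED,
    }
    return {name: framing_verdict(raw, True) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name}: {verdict}")
```

A duplicated header is the sign that two layers (container and application) are both setting it, so checking the raw headers on both an SSO and an SLO URL separates the two sources.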