Logout notifications always red X (failed)
petr.hroudny at gmail.com
Thu Aug 12 09:08:26 UTC 2021
The problem was caused by jetty-9.4.43.v20210629, which in
etc/jetty-rewrite.xml unconditionally sets:
Shibboleth correctly ommits X-Frame-Options on SLO pages and follows
idp.frameoptions setting on SSO pages, so after modification of
jetty-rewrite.xml SLO works as expected.
št 12. 8. 2021 o 10:43 Petr Hroudný <petr.hroudny at gmail.com> napísal(a):
> st 11. 8. 2021 o 23:35 Cantor, Scott <cantor.2 at osu.edu> napísal(a):
>> console might reveal an incompatibility of some kind.
>> Getting a peek at the HTML coming back in the frames is the only other
>> way to really gauge what might be happening.
> The console revealed this:
> The loading of “
> in a frame is denied by “X-Frame-Options“ directive set to “DENY“.
> Tried to set idp.frameoptions to SAMEORIGIN or empty, but it's apparently
> - during SSO, it produces:
> *X-Frame-Options*: DENY, SAMEORIGIN
> - during SLO, idp.frameoptions is completely ignored, and DENY is
> hardcoded at some other place:
> *X-Frame-Options*: DENY
> Thanks, Petr
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users