x-frame-options in IdP

IAM David Bantz dabantz at alaska.edu
Wed Aug 17 19:02:21 UTC 2022

A well know service provider (Kaltura, aka MediaSpace) is deploying a
revised integration and has asked/told us to “remove" the default IdP
setting x-frame-options=DENY. I do not have deep understanding of the
issue, but it seems an unnecessary/unwarranted reduction in the IdP’s
security posture. Have others encountered similar request and if so, what
are you doing in response?

David St Pierre Bantz
U Alaska IAM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220817/c808c065/attachment.htm>

More information about the users mailing list