[keycloak-user] JavaScript client, iframe and IE
Thomas Raehalme
thomas.raehalme at aitiofinland.com
Thu Apr 14 09:22:09 EDT 2016
I created KEYCLOAK-2828 for this issue and will do a PR as well.
What do you think the value should be? As I wrote earlier it does not seem
to make a difference to IE.
Best regards,
Thomas
On Thu, Apr 14, 2016 at 4:16 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:
> Can you create a JIRA for it please? If you fancy doing a PR you can add
> the header to LoginStatusIframeEndpoint.
>
> On 14 April 2016 at 15:09, Thomas Raehalme <
> thomas.raehalme at aitiofinland.com> wrote:
>
>> On Thu, Apr 14, 2016 at 4:01 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> What do you mean about "if the URL is something like"?
>>>
>>> The only iframe Keycloak uses is in the JavaScript adapter and it's only
>>> the session iframe. That would be the only place it would be relevant for
>>> Keycloak to set P3P header, but don't think it's need AFAIK it works
>>> just fine on IE.
>>>
>>
>> Sorry for being a little too vague.
>>
>> Among other UIs our application has a web front-end based on AngularJS
>> and it's utilizing the JavaScript adapter for authentication. When I login
>> to the application I can inspect the HTML and see an <iframe /> element
>> with the following URL:
>>
>>
>> https://keycloak-server/auth/realms/xxxx/protocol/openid-connect/login-status-iframe.html?client_id=xxxx&origin=xxxx
>>
>> Without the P3P header there is an eternal loop between our web front-end
>> and Keycloak where the browser is being redirected from one to the other.
>> After adding the P3P header the problem was solved.
>>
>> Best regards,
>> Thomas
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160414/bca21160/attachment.html
More information about the keycloak-user
mailing list