I think we need to make it configurable. Could use messages from login
theme as a simple solution?
sessionIframeP3P=CP="This is not a P3P policy!"
On 14 April 2016 at 16:06, Thomas Raehalme <thomas.raehalme(a)aitiofinland.com> wrote:
> Well I didn't mean exactly the same message with a link and everything,
> but just something like "This is not a policy definition."
>
> Best regards,
> Thomas
> On Apr 14, 2016 17:03, "Stian Thorgersen" <sthorger(a)redhat.com> wrote:
>
>> I don't think the Google way is good for us as we'd need to have a
>> similar page. Further, it wouldn't be correct to have a Keycloak page that
>> describes the policy for other companies. So we need to figure out what the
>> correct value should be I think.
>>
>> On 14 April 2016 at 16:00, Thomas Raehalme <thomas.raehalme(a)aitiofinland.com> wrote:
>>
>>> W3C has the spec but since nobody is really using this I don't think the
>>> value matters. But instead of making up some policy definition I think that
>>> the Google way would be the best. What do you think?
>>>
>>> Best regards,
>>> Thomas
>>> On Apr 14, 2016 16:54, "Stian Thorgersen" <sthorger(a)redhat.com> wrote:
>>>
>>>> I've got no clue what the value should be, tried to search on Google,
>>>> but doesn't make much sense to me.
>>>>
>>>> On 14 April 2016 at 15:30, Jukka Sirviö <Jukka.Sirvio(a)mipro.fi> wrote:
>>>>
>>>>> there is discussion on this issue, also on stack overflow
>>>>>
>>>>> http://stackoverflow.com/questions/32120129/keycloak-is-causing-ie-to-hav...
>>>>>
>>>>> “Header always set P3P "CP=ALL DSP COR CUR ADM PSA CONi OUR SAM OTR UNR LEG"”
>>>>>
>>>>>
>>>>> From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces(a)lists.jboss.org] On Behalf Of Thomas Raehalme
>>>>> Sent: 14 April 2016 16:22
>>>>> To: Stian Thorgersen
>>>>> Cc: keycloak-user
>>>>> Subject: Re: [keycloak-user] JavaScript client, iframe and IE
>>>>>
>>>>> I created KEYCLOAK-2828 for this issue and will do a PR as well.
>>>>>
>>>>> What do you think the value should be? As I wrote earlier it does not
>>>>> seem to make a difference to IE.
>>>>>
>>>>> Best regards,
>>>>> Thomas
>>>>>
>>>>>
>>>>> On Thu, Apr 14, 2016 at 4:16 PM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
>>>>> Can you create a JIRA for it please? If you fancy doing a PR you can
>>>>> add the header to LoginStatusIframeEndpoint.
>>>>>
>>>>> On 14 April 2016 at 15:09, Thomas Raehalme <thomas.raehalme(a)aitiofinland.com> wrote:
>>>>> On Thu, Apr 14, 2016 at 4:01 PM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
>>>>> What do you mean about "if the URL is something like"?
>>>>>
>>>>> The only iframe Keycloak uses is in the JavaScript adapter and it's
>>>>> only the session iframe. That would be the only place it would be relevant
>>>>> for Keycloak to set P3P header, but don't think it's needed. AFAIK it works
>>>>> just fine on IE.
>>>>>
>>>>> Sorry for being a little too vague.
>>>>>
>>>>> Among other UIs our application has a web front-end based on AngularJS
>>>>> and it's utilizing the JavaScript adapter for authentication. When I login
>>>>> to the application I can inspect the HTML and see an <iframe /> element
>>>>> with the following URL:
>>>>>
>>>>> https://keycloak-server/auth/realms/xxxx/protocol/openid-connect/login-st...
>>>>>
>>>>> Without the P3P header there is an eternal loop between our web
>>>>> front-end and Keycloak where the browser is being redirected from one to
>>>>> the other. After adding the P3P header the problem was solved.
>>>>>
>>>>> Best regards,
>>>>> Thomas
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>
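
The disagreement in this thread is whether the header should assert real P3P compact-policy tokens (the Stack Overflow value) or carry placeholder text (the `sessionIframeP3P` message). The check below is an added example, not Keycloak's code and not part of the thread, that classifies a configured value either way; the function names are hypothetical and the token list is the P3P 1.0 compact-policy vocabulary.

```javascript
// Added example (not Keycloak code). Token vocabulary: P3P 1.0 compact policies.
const FIXED = new Set(("NOI ALL CAO IDC OTI NON DSP COR MON LAW NID CUR OUR " +
  "NOR STP LEG BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA " +
  "PRE LOC GOV OTC TST").split(" "));
// Purpose and recipient tokens may carry an a/i/o suffix (always/opt-in/opt-out).
const SUFFIXABLE = new Set(("ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP " +
  "DEL SAM UNR PUB OTR").split(" "));

function isP3pToken(word) {
  if (FIXED.has(word) || SUFFIXABLE.has(word)) return true;
  return /^[A-Z]{3}[aio]$/.test(word) && SUFFIXABLE.has(word.slice(0, 3));
}

// Read one key from messages-properties text (key=value lines); null if absent.
function messageValue(propsText, key) {
  for (const line of propsText.split(/\r?\n/)) {
    const i = line.indexOf("=");
    if (i > 0 && line.slice(0, i).trim() === key) return line.slice(i + 1).trim();
  }
  return null;
}

// Classify a P3P header value:
//   "missing"     no CP field
//   "placeholder" CP present but contains no P3P tokens
//   "claim"       every word is a P3P token, i.e. a privacy-practice statement
//   "mixed"       tokens and free text together
function classifyP3p(headerValue) {
  const m = /(?:^|[\s,])CP\s*=\s*(?:"([^"]*)"|([^,]*))/i.exec(headerValue || "");
  if (!m) return { kind: "missing", tokens: [], unknown: [] };
  const words = (m[1] !== undefined ? m[1] : m[2]).split(/\s+/).filter(Boolean);
  const tokens = words.filter(isP3pToken);
  const unknown = words.filter((w) => !isP3pToken(w));
  let kind = "mixed";
  if (tokens.length === 0) kind = "placeholder";
  else if (unknown.length === 0) kind = "claim";
  return { kind, tokens, unknown };
}

// Both values are quoted in the thread above.
const THEME_MESSAGES = 'sessionIframeP3P=CP="This is not a P3P policy!"';
const STACK_OVERFLOW_VALUE = "CP=ALL DSP COR CUR ADM PSA CONi OUR SAM OTR UNR LEG";

console.log(classifyP3p(messageValue(THEME_MESSAGES, "sessionIframeP3P")).kind);
console.log(classifyP3p(STACK_OVERFLOW_VALUE).kind);
```

A `claim` result means the deployment is publishing privacy-practice assertions, which is the kind of statement the thread says Keycloak cannot make on behalf of other companies.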