Hello,
sorry for digging this old thread out but I just stumbled over this again.
I found some Keycloak deployments in the wild which explicitly set the
P3P Header to:
P3P:CP="CAO PSA OUR"
This seems to work fine with IE and is a valid P3P header.
See also:
I wonder whether this would make a better default setting for the
p3pPolicy setting in
themes/src/main/resources/theme/base/login/messages/messages_*.properties
than the current value of:
p3pPolicy=CP="This is not a P3P policy!"
Cheers,
Thomas
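As an added example, not Keycloak code and not from anyone in this thread: a small Python checker that picks the P3P header out of a response, parses the CP="..." compact policy and reports tokens that are not in the W3C P3P 1.0 compact-policy vocabulary. Function and variable names are mine, and the header sets at the bottom are constructed samples (the three CP values discussed in this thread plus a response with no header), not captures from a real server.

```python
import re

# Compact-policy token vocabulary from the W3C P3P 1.0 Recommendation, section 4.
# Grouping comments name the P3P element each token stands for.
_PLAIN_TOKENS = {
    "NOI", "ALL", "CAO", "IDC", "OTI", "NON",          # ACCESS
    "DSP",                                             # DISPUTES
    "COR", "MON", "LAW",                               # REMEDIES
    "NID",                                             # NON-IDENTIFIABLE
    "NOR", "STP", "LEG", "BUS", "IND",                 # RETENTION
    "PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV",   # CATEGORIES
    "INT", "DEM", "CNT", "STA", "POL", "HEA", "PRE",
    "LOC", "GOV", "OTC",
    "TST",                                             # TEST
}
# PURPOSE and RECIPIENT tokens may carry an opt-in/opt-out suffix: a, i or o.
_SUFFIXABLE_TOKENS = {
    "CUR", "ADM", "DEV", "TAI", "PSA", "PSD",          # PURPOSE
    "IVA", "IVD", "CON", "HIS", "TEL", "OTP",
    "OUR", "DEL", "SAM", "UNR", "PUB", "OTR",          # RECIPIENT
}
# The spec grammar quotes the token list; the quotes are treated as optional
# here because the Apache directive quoted in the thread sends the value bare.
_CP_RE = re.compile(r'\bCP\s*=\s*"?([^"]*)"?')


def parse_compact_policy(header_value):
    """Parse the CP="..." part of a P3P header value.

    Returns (tokens, unknown), where `unknown` lists the tokens that are not
    P3P 1.0 compact-policy tokens, or None when there is no CP=... at all.
    """
    match = _CP_RE.search(header_value)
    if match is None:
        return None
    tokens = match.group(1).split()
    unknown = []
    for tok in tokens:
        base, suffix = tok[:3].upper(), tok[3:].lower()
        if suffix == "" and base in (_PLAIN_TOKENS | _SUFFIXABLE_TOKENS):
            continue
        if suffix in ("a", "i", "o") and base in _SUFFIXABLE_TOKENS:
            continue
        unknown.append(tok)
    return tokens, unknown


def check_p3p(headers):
    """Classify the P3P header of one response (headers: name -> value).

    'missing'  no P3P header at all
    'no-cp'    P3P header present but no compact policy tokens
    'unknown'  compact policy contains tokens outside the P3P vocabulary
    'ok'       every token is a P3P 1.0 compact-policy token
    Header names are matched case-insensitively.
    """
    value = next((v for k, v in headers.items() if k.lower() == "p3p"), None)
    if value is None:
        return "missing"
    parsed = parse_compact_policy(value)
    if parsed is None or not parsed[0]:
        return "no-cp"
    return "unknown" if parsed[1] else "ok"


# Constructed header sets for the session iframe endpoint discussed in the
# thread; sample data, not captured from a real Keycloak server.
SAMPLE_RESPONSES = {
    "no header": {"Content-Type": "text/html"},
    "keycloak default": {"Content-Type": "text/html",
                         "P3P": 'CP="This is not a P3P policy!"'},
    "CAO PSA OUR": {"Content-Type": "text/html",
                    "P3P": 'CP="CAO PSA OUR"'},
    "stackoverflow": {"Content-Type": "text/html",
                      "p3p": 'CP="ALL DSP COR CUR ADM PSA CONi OUR SAM OTR UNR LEG"'},
}


def check_samples():
    """Run check_p3p over every constructed response."""
    return {name: check_p3p(hdrs) for name, hdrs in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, status in check_samples().items():
        print(f"{name:18s} {status}")
```

Run as a script it prints one status per sample. An 'ok' result only says the tokens are syntactically P3P; whether IE's privacy setting actually accepts a given policy is a separate question the thread does not settle.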
2016-04-15 15:24 GMT+02:00 Stian Thorgersen <sthorger(a)redhat.com>:
No, but feel free to add one to the new testsuite :)
On 15 April 2016 at 14:46, Thomas Raehalme <thomas.raehalme@aitiofinland.com> wrote:
>
> On Thu, Apr 14, 2016 at 5:11 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> I think we need to make it configurable. Could use messages from login
>> theme as a simple solution?
>>
>> sessionIframeP3P=CP="This is not a P3P policy!"
>>
>
> Using theme properties was a good idea.
>
> Is there an existing test I could extend to verify the presence of the
> header?
>
>> On 14 April 2016 at 16:06, Thomas Raehalme <thomas.raehalme(a)aitiofinland.com> wrote:
>>
>>> Well I didn't mean exactly the same message with a link and everything,
>>> but just something like "This is not a policy definition."
>>>
>>> Best regards,
>>> Thomas
>>> On Apr 14, 2016 17:03, "Stian Thorgersen" <sthorger(a)redhat.com> wrote:
>>>
>>>> I don't think the Google way is good for us as we'd need to have a
>>>> similar page. Further, it wouldn't be correct to have a Keycloak page that
>>>> describes the policy for other companies. So we need to figure out what the
>>>> correct value should be I think.
>>>>
>>>> On 14 April 2016 at 16:00, Thomas Raehalme <thomas.raehalme(a)aitiofinland.com> wrote:
>>>>
>>>>> W3C has the spec but since nobody is really using this I don't think
>>>>> the value matters. But instead of making up some policy definition I think
>>>>> that the Google way would be the best. What do you think?
>>>>>
>>>>> Best regards,
>>>>> Thomas
>>>>> On Apr 14, 2016 16:54, "Stian Thorgersen" <sthorger(a)redhat.com> wrote:
>>>>>
>>>>>> I've got no clue what the value should be, tried to search on
>>>>>> Google, but doesn't make much sense to me.
>>>>>>
>>>>>> On 14 April 2016 at 15:30, Jukka Sirviö <Jukka.Sirvio(a)mipro.fi> wrote:
>>>>>>
>>>>>>> there is discussion on this issue, also on stack overflow
>>>>>>> http://stackoverflow.com/questions/32120129/keycloak-is-causing-ie-to-have-an-infinite-loop
>>>>>>>
>>>>>>> “Header always set P3P "CP=ALL DSP COR CUR ADM PSA CONi OUR SAM OTR UNR LEG"”
>>>>>>>
>>>>>>>
>>>>>>> From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces(a)lists.jboss.org] On Behalf Of Thomas Raehalme
>>>>>>> Sent: 14 April 2016 16:22
>>>>>>> To: Stian Thorgersen
>>>>>>> Cc: keycloak-user
>>>>>>> Subject: Re: [keycloak-user] JavaScript client, iframe and IE
>>>>>>>
>>>>>>> I created KEYCLOAK-2828 for this issue and will do a PR as well.
>>>>>>>
>>>>>>> What do you think the value should be? As I wrote earlier it does
>>>>>>> not seem to make a difference to IE.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Thomas
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Apr 14, 2016 at 4:16 PM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
>>>>>>> Can you create a JIRA for it please? If you fancy doing a PR you
>>>>>>> can add the header to LoginStatusIframeEndpoint.
>>>>>>>
>>>>>>> On 14 April 2016 at 15:09, Thomas Raehalme <thomas.raehalme(a)aitiofinland.com> wrote:
>>>>>>> On Thu, Apr 14, 2016 at 4:01 PM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
>>>>>>> What do you mean about "if the URL is something like"?
>>>>>>>
>>>>>>> The only iframe Keycloak uses is in the JavaScript adapter and it's
>>>>>>> only the session iframe. That would be the only place it would be relevant
>>>>>>> for Keycloak to set the P3P header, but I don't think it's needed; AFAIK it works
>>>>>>> just fine on IE.
>>>>>>>
>>>>>>> Sorry for being a little too vague.
>>>>>>>
>>>>>>> Among other UIs our application has a web front-end based on
>>>>>>> AngularJS and it's utilizing the JavaScript adapter for authentication.
>>>>>>> When I log in to the application I can inspect the HTML and
>>>>>>> see an <iframe /> element with the following URL:
>>>>>>>
>>>>>>> https://keycloak-server/auth/realms/xxxx/protocol/openid-connect/login-status-iframe.html?client_id=xxxx&origin=xxxx
>>>>>>>
>>>>>>> Without the P3P header there is an eternal loop between our web
>>>>>>> front-end and Keycloak where the browser is being redirected from one to
>>>>>>> the other. After adding the P3P header the problem was solved.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Thomas
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ________________________________
>>>>>>>
>>>>>>> This message (including any attachments) may contain confidential information intended for
>>>>>>> the person or entity to which it is addressed. If you are not the intended recipient, notify the
>>>>>>> sender and delete this message immediately. Notice that disclosing, copying, distributing or any
>>>>>>> other use of the message and its information, or taking any action based on it, is strictly prohibited.
>>>>>>>
>>>>>>> ________________________________
>>>>>>>
>>>>>>
>>>>>>
>>>>
>>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user