No, but feel free to add one to the new testsuite :)
On 15 April 2016 at 14:46, Thomas Raehalme <thomas.raehalme(a)aitiofinland.com
wrote:
>
> On Thu, Apr 14, 2016 at 5:11 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
>
>> I think we need to make it configurable. Could use messages from login
>> theme as a simple solution?
>>
>> sessionIframeP3P=CP="This is not a P3P policy!"
>>
>
> Using theme properties was a good idea.
>
> Is there an existing test I could extend to verify the presence of the
> header?
>
>
>
>
>
>> On 14 April 2016 at 16:06, Thomas Raehalme <
>> thomas.raehalme(a)aitiofinland.com
wrote:
>>
>>> Well I didn't mean exactly the same message with a link and everything,
>>> but just something like "This is not a policy definition."
>>>
>>> Best regards,
>>> Thomas
>>> On Apr 14, 2016 17:03, "Stian Thorgersen"
<sthorger(a)redhat.com
wrote:
>>>
>>>> I don't think the Google way is good for us as we'd need to have
a
>>>> similar page. Further, it wouldn't be correct to have a Keycloak page
that
>>>> describes the policy for other companies. So we need to figure out what
the
>>>> correct value should be I think.
>>>>
>>>> On 14 April 2016 at 16:00, Thomas Raehalme <
>>>> thomas.raehalme(a)aitiofinland.com
wrote:
>>>>
>>>>> W3C has the spec but since nobody is really using this I don't
think
>>>>> the value matters. But instead of making up some policy definition I
think
>>>>> that the Google way would be the best. What do you think?
>>>>>
>>>>> Best regards,
>>>>> Thomas
>>>>> On Apr 14, 2016 16:54, "Stian Thorgersen"
<sthorger(a)redhat.com
wrote:
>>>>>
>>>>>> I've got no clue what the value should be, tried to search on
Google,
>>>>>> but doesn't make much sense to me.
>>>>>>
>>>>>> On 14 April 2016 at 15:30, Jukka Sirviö
<Jukka.Sirvio(a)mipro.fi>
>>>>>
wrote:
>>>>>>
>>>>>>> there is discussion on this issue, also on stack overflow
>>>>>>>
>>>>>>>
http://stackoverflow.com/questions/32120129/keycloak-is-causing-ie-to-hav...
>>>>>>>
>>>>>>> “Header always set P3P "CP=ALL DSP COR CUR ADM PSA CONi
OUR SAM OTR
>>>>>>> UNR LEG"”
>>>>>>>
>>>>>>>
>>>>>>> Lähettäjä: keycloak-user-bounces(a)lists.jboss.org [mailto:
>>>>>>> keycloak-user-bounces(a)lists.jboss.org] Puolesta Thomas
Raehalme
>>>>>>> Lähetetty: 14. huhtikuuta 2016 16:22
>>>>>>> Vastaanottaja: Stian Thorgersen
>>>>>>> Kopio: keycloak-user
>>>>>>> Aihe: Re: [keycloak-user] JavaScript client, iframe and IE
>>>>>>>
>>>>>>> I created KEYCLOAK-2828 for this issue and will do a PR as
well.
>>>>>>>
>>>>>>> What do you think the value should be? As I wrote earlier it
does
>>>>>>> not seem to make a difference to IE.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Thomas
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Apr 14, 2016 at 4:16 PM, Stian Thorgersen <
>>>>>>> sthorger(a)redhat.com
wrote:
>>>>>>> Can you create a JIRA for it please? If you fancy doing
a PR you can
>>>>>>> add the header to LoginStatusIframeEndpoint.
>>>>>>>
>>>>>>> On 14 April 2016 at 15:09, Thomas Raehalme <
>>>>>>> thomas.raehalme(a)aitiofinland.com
wrote:
>>>>>>> On Thu, Apr 14, 2016 at 4:01 PM, Stian Thorgersen <
>>>>>>> sthorger(a)redhat.com
wrote:
>>>>>>> What do you mean about "if the URL is something
like"?
>>>>>>>
>>>>>>> The only iframe Keycloak uses is in the JavaScript adapter
and it's
>>>>>>> only the session iframe. That would be the only place it
would be relevant
>>>>>>> for Keycloak to set P3P header, but don't think it's
need AFAIK it works
>>>>>>> just fine on IE.
>>>>>>>
>>>>>>> Sorry for being a little too vague.
>>>>>>>
>>>>>>> Among other UIs our application has a web front-end based on
>>>>>>> AngularJS and it's utilizing the JavaScript adapter for
authentication.
>>>>>>> When I login to the application I can inspect the HTML and
see an <iframe
>>>>>>> /> element with the following URL:
>>>>>>>
>>>>>>>
>>>>>>>
https://keycloak-server/auth/realms/xxxx/protocol/openid-connect/login-st...
>>>>>>>
>>>>>>> Without the P3P header there is an eternal loop between our
web
>>>>>>> front-end and Keycloak where the browser is being redirected
from one to
>>>>>>> the other. After adding the P3P header the problem was
solved.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Thomas
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ________________________________
>>>>>>>
>>>>>>> Tämä sähköpostiviesti (liitteineen) saattaa sisältää
>>>>>>> luottamuksellista tietoa, joka on tarkoitettu
>>>>>>> vain vastaanottajalleen. Jos et ole oikea vastaanottaja,
ilmoita
>>>>>>> viestin lähettäjälle tapahtuneesta
>>>>>>> virheestä ja tuhoa viesti välittömästi. Viestin luvaton
>>>>>>> julkaiseminen, kopioiminen, jakelu tai muu
>>>>>>> käyttö tai toimenpiteisiin ryhtyminen sen perusteella on
>>>>>>> ehdottomasti kielletty.
>>>>>>>
>>>>>>> This message (including any attachments) may contain
confidential
>>>>>>> information intended for
>>>>>>> the person or entity to which it is addressed. If you are not
the
>>>>>>> intended recipient, notify the
>>>>>>> sender and delete this message immediately. Notice that
disclosing,
>>>>>>> copying, distributing or any
>>>>>>> other use of the message and its information, or taking any
action
>>>>>>> based on it, is strictly prohibited.
>>>>>>>
>>>>>>> ________________________________
>>>>>>>
>>>>>>
>>>>>>
>>>>
>>
>
>