[keycloak-user] JavaScript client, iframe and IE

Stian Thorgersen sthorger at redhat.com
Thu Apr 14 09:54:57 EDT 2016


I've got no clue what the value should be, tried to search on Google, but
doesn't make much sense to me.

On 14 April 2016 at 15:30, Jukka Sirviö <Jukka.Sirvio at mipro.fi> wrote:

> there is discussion on this issue, also on stack overflow
>
> http://stackoverflow.com/questions/32120129/keycloak-is-causing-ie-to-have-an-infinite-loop
>
> “Header always set P3P "CP=ALL DSP COR CUR ADM PSA CONi OUR SAM OTR UNR
> LEG"”
>
>
> Lähettäjä: keycloak-user-bounces at lists.jboss.org [mailto:
> keycloak-user-bounces at lists.jboss.org] Puolesta Thomas Raehalme
> Lähetetty: 14. huhtikuuta 2016 16:22
> Vastaanottaja: Stian Thorgersen
> Kopio: keycloak-user
> Aihe: Re: [keycloak-user] JavaScript client, iframe and IE
>
> I created KEYCLOAK-2828 for this issue and will do a PR as well.
>
> What do you think the value should be? As I wrote earlier it does not seem
> to make a difference to IE.
>
> Best regards,
> Thomas
>
>
> On Thu, Apr 14, 2016 at 4:16 PM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
> Can you create a JIRA for it please? If you fancy doing a PR you can add
> the header to LoginStatusIframeEndpoint.
>
> On 14 April 2016 at 15:09, Thomas Raehalme <
> thomas.raehalme at aitiofinland.com> wrote:
> On Thu, Apr 14, 2016 at 4:01 PM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
> What do you mean about "if the URL is something like"?
>
> The only iframe Keycloak uses is in the JavaScript adapter and it's only
> the session iframe. That would be the only place it would be relevant for
> Keycloak to set P3P header, but don't think it's need AFAIK it works just
> fine on IE.
>
> Sorry for being a little too vague.
>
> Among other UIs our application has a web front-end based on AngularJS and
> it's utilizing the JavaScript adapter for authentication. When I login to
> the application I can inspect the HTML and see an <iframe /> element with
> the following URL:
>
>
> https://keycloak-server/auth/realms/xxxx/protocol/openid-connect/login-status-iframe.html?client_id=xxxx&origin=xxxx
>
> Without the P3P header there is an eternal loop between our web front-end
> and Keycloak where the browser is being redirected from one to the other.
> After adding the P3P header the problem was solved.
>
> Best regards,
> Thomas
>
>
>
> ________________________________
>
> Tämä sähköpostiviesti (liitteineen) saattaa sisältää luottamuksellista
> tietoa, joka on tarkoitettu
> vain vastaanottajalleen. Jos et ole oikea vastaanottaja, ilmoita viestin
> lähettäjälle tapahtuneesta
> virheestä ja tuhoa viesti välittömästi. Viestin luvaton julkaiseminen,
> kopioiminen, jakelu tai muu
> käyttö tai toimenpiteisiin ryhtyminen sen perusteella on ehdottomasti
> kielletty.
>
> This message (including any attachments) may contain confidential
> information intended for
> the person or entity to which it is addressed. If you are not the intended
> recipient, notify the
> sender and delete this message immediately. Notice that disclosing,
> copying, distributing or any
> other use of the message and its information, or taking any action based
> on it, is strictly prohibited.
>
> ________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160414/104dcd6d/attachment-0001.html 


More information about the keycloak-user mailing list