[keycloak-user] JavaScript client, iframe and IE

Thomas Raehalme thomas.raehalme at aitiofinland.com
Thu Apr 14 10:00:35 EDT 2016


W3C has the spec but since nobody is really using this I don't think the
value matters. But instead of making up some policy definition I think that
the Google way would be the best. What do you think?

Best regards,
Thomas
On Apr 14, 2016 16:54, "Stian Thorgersen" <sthorger at redhat.com> wrote:

> I've got no clue what the value should be, tried to search on Google, but
> doesn't make much sense to me.
>
> On 14 April 2016 at 15:30, Jukka Sirviö <Jukka.Sirvio at mipro.fi> wrote:
>
>> There is discussion on this issue, also on Stack Overflow
>>
>> http://stackoverflow.com/questions/32120129/keycloak-is-causing-ie-to-have-an-infinite-loop
>>
>> “Header always set P3P "CP=ALL DSP COR CUR ADM PSA CONi OUR SAM OTR UNR
>> LEG"”
>>
>>
>> From: keycloak-user-bounces at lists.jboss.org [mailto:
>> keycloak-user-bounces at lists.jboss.org] On behalf of Thomas Raehalme
>> Sent: 14 April 2016 16:22
>> To: Stian Thorgersen
>> Cc: keycloak-user
>> Subject: Re: [keycloak-user] JavaScript client, iframe and IE
>>
>> I created KEYCLOAK-2828 for this issue and will do a PR as well.
>>
>> What do you think the value should be? As I wrote earlier it does not
>> seem to make a difference to IE.
>>
>> Best regards,
>> Thomas
>>
>>
>> On Thu, Apr 14, 2016 at 4:16 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>> Can you create a JIRA for it please? If you fancy doing a PR you can add
>> the header to LoginStatusIframeEndpoint.
>>
>> On 14 April 2016 at 15:09, Thomas Raehalme <
>> thomas.raehalme at aitiofinland.com> wrote:
>> On Thu, Apr 14, 2016 at 4:01 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>> What do you mean about "if the URL is something like"?
>>
>> The only iframe Keycloak uses is in the JavaScript adapter and it's only
>> the session iframe. That would be the only place it would be relevant for
>> Keycloak to set P3P header, but don't think it's needed. AFAIK it works just
>> fine on IE.
>>
>> Sorry for being a little too vague.
>>
>> Among other UIs our application has a web front-end based on AngularJS
>> and it's utilizing the JavaScript adapter for authentication. When I log in
>> to the application I can inspect the HTML and see an <iframe /> element
>> with the following URL:
>>
>>
>> https://keycloak-server/auth/realms/xxxx/protocol/openid-connect/login-status-iframe.html?client_id=xxxx&origin=xxxx
>>
>> Without the P3P header there is an eternal loop between our web front-end
>> and Keycloak where the browser is being redirected from one to the other.
>> After adding the P3P header the problem was solved.
>>
>> Best regards,
>> Thomas