[keycloak-user] Iframe login form
Gregory Durham
gregory.durham at gmail.com
Thu Jan 18 15:57:44 EST 2018
Hello,
We are currently evaluating keycloak as a solution for idp/sso, and are
currently looking at how integration should look like.
In order to keep the login experience seamless, we have an iframe approach
working, and have locked down the X-Frame-Option and
the Content-Security-Policy for frame-ancestors to limit it to our
site/domain.
The redirect is captured by the iframe and the code is passed to the main
page and the keycloak.js is initialized with this to get the token.
Is this supported and if not why not? I want to make sure that there isn't
something I am missing in how this works from a security and usage point of
view.
Thank you,
Greg
More information about the keycloak-user
mailing list