7018218: IDM OSP federation partially broken after Access Manager update to 4.3

Here’s a snippet from each of the two files, showing the security-header filters commented out (disabled):

// /opt/novell/nam/idp/conf/web.xml

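<!-- Workaround state described in this article: the whole httpHeaderSecurity
     filter below is commented out, so it no longer runs for any request
     (it was mapped to /* for REQUEST dispatches).
     Headers this configuration was setting:
       * Strict-Transport-Security with max-age 31536000 (hstsMaxAgeSeconds, 365 days)
       * X-Frame-Options: SAMEORIGIN (antiClickJackingOption)
     NOTE(review): stock Tomcat's HttpHeaderSecurityFilter also sends
     X-Content-Type-Options: nosniff by default, so that header is presumably
     lost as well; confirm on the running version.
     NOTE(review): if only the framing header interferes with federation, the
     filter's antiClickJackingEnabled init-param set to false would drop
     X-Frame-Options alone and keep HSTS; confirm against vendor guidance.
     The comment delimiters below are restored to ASCII hyphens; the en dash
     form shown on the web page is not valid XML and would make web.xml
     malformed if pasted as is.
     After editing, inspect the response headers (for example with curl -I)
     to see what clients actually receive. -->
<!--
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
-->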

// /opt/novell/nids/lib/webapp/WEB-INF/web.xml

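<!-- Workaround state described in this article: both filters below are
     commented out for this web application, so neither runs for any request
     (both were mapped to /*).
       * SameOriginFilter (com.novell.nidp.servlets.filters.jsp.SameOriginFramingFilter):
         per its own description, it adds X-FRAME-OPTIONS: SAMEORIGIN to HTTP
         responses as the NIDP anti-clickjacking control.
       * httpHeaderSecurity (Tomcat HttpHeaderSecurityFilter): was setting
         Strict-Transport-Security with max-age 31536000 (hstsMaxAgeSeconds,
         365 days) and X-Frame-Options: SAMEORIGIN (antiClickJackingOption).
     With both disabled, nothing shown here sets a framing restriction or HSTS
     on these responses.
     NOTE(review): stock Tomcat's HttpHeaderSecurityFilter also sends
     X-Content-Type-Options: nosniff by default, so that header is presumably
     lost as well; confirm on the running version.
     NOTE(review): if only the framing header interferes with federation, the
     Tomcat filter's antiClickJackingEnabled init-param set to false would keep
     HSTS while dropping X-Frame-Options; confirm against vendor guidance.
     The comment delimiters below are restored to ASCII hyphens; the en dash
     form shown on the web page is not valid XML and would make web.xml
     malformed if pasted as is.
     After editing, inspect the response headers (for example with curl -I)
     to see what clients actually receive. -->
<!--
<filter>
    <filter-name>SameOriginFilter</filter-name>
    <description>The NIDP server anti-clickjacking filter.This filter adds 'X-FRAME-OPTIONS: SAMEORIGIN'
    header to http responses, and prevents cross domain framing of web pages as best as possible
    depending on browser compatibility.</description>
    <filter-class>com.novell.nidp.servlets.filters.jsp.SameOriginFramingFilter</filter-class>
    <init-param>
        <param-name>activate</param-name>
        <param-value>True</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>SameOriginFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
-->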
