Environment
- Access Manager 4.5.2
- Access Manager 4.5.3
Situation
- AAF and IDP server integration has been configured as documented at section: "Configuring Advanced Authentication Server" using the "
- While executing any contract assigned to run the Generic AAF class, browser clients seem to hang or get stuck at the IDP
Resolution
- Configure the CSP header by adding the AAF server as an allowed source. For example, if the AAF server has the URL https://naaf.kgast.nam.com, the header should allow the IDP server itself ('self') and the AAF server URL as sources.
Cause
The IDP server had been configured to use Content Security Policy headers with the default setting documented in the online help for this section:
Specify the following:
Header Name: Content-Security-Policy
Header Value: frame-src 'self'; frame-ancestors 'self'; form-action 'self'
URL Patterns: .*/nidp/.*
The "form-action 'self'" directive prevents the browser client from sending the OAuth POST request (initiated by a form) to the AAF server. The browser developer tools can be used for troubleshooting.
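
The effect described above, as an added example that is not part of the original article or the product's code: a simplified JavaScript model of the browser's form-action check, run against the default header value and against one with the AAF origin appended to form-action. The amended header value, the IDP page URL and the AAF endpoint path are assumptions made for illustration; only 'self', 'none', * and plain origin sources are modelled.

```javascript
// Simplified model of CSP form-action evaluation (added example).
// Not a full CSP implementation: no wildcard hosts, paths or scheme-only sources.

// Header value from the article (default setting).
const DEFAULT_CSP = "frame-src 'self'; frame-ancestors 'self'; form-action 'self'";
// Assumed amended value: AAF origin added to form-action only.
const AMENDED_CSP =
  "frame-src 'self'; frame-ancestors 'self'; form-action 'self' https://naaf.kgast.nam.com";

// Constructed sample URLs: hypothetical IDP host, placeholder AAF path.
const IDP_PAGE = 'https://idp.example.com/nidp/app/login';
const AAF_POST = 'https://naaf.kgast.nam.com/placeholder-oauth-endpoint';

// Split a header value into directive name -> list of source expressions.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// True if a form on pageUrl may submit to targetUrl under the policy.
function formActionAllows(headerValue, pageUrl, targetUrl) {
  const sources = parseCsp(headerValue).get('form-action');
  // form-action does not fall back to default-src: absent means unrestricted.
  if (sources === undefined) return true;
  const self = new URL(pageUrl).origin;
  const target = new URL(targetUrl).origin;
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === '*') return true;
    if (src === "'self'") return target === self;
    try { return new URL(src).origin === target; } catch { return false; }
  });
}

console.log('default policy, POST to AAF:', formActionAllows(DEFAULT_CSP, IDP_PAGE, AAF_POST));
console.log('amended policy, POST to AAF:', formActionAllows(AMENDED_CSP, IDP_PAGE, AAF_POST));
```

In the browser, the blocked case appears in the developer tools console as a Content Security Policy violation naming the form-action directive.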