Access Manager IDP Server fails to redirect users to process any Advanced Authentication Server login method

  • 7024820
  • 16-Sep-2020
  • 16-Sep-2020

Environment


  • Access Manager 4.5.2
  • Access Manager 4.5.3

Situation

  • AAF and IDP server integration has been configured as documented in the section "Configuring Advanced Authentication Server", using the "Integrate using OAuth" option.

  • While executing any contract assigned to run the Generic AAF class, browser clients seem to hang or get stuck at the IDP.

Resolution

  • Configure the CSP header by adding the AAF server as an allowed source. The header must allow both the IDP server itself ('self') and the AAF server as sources. For example, if the AAF server has the URL https://naaf.kgast.nam.com, you can configure it as below



Cause

The IDP server had been configured to use Content Security Policy headers with the default setting documented in the online help for this section:

Specify the following:

Header Name: Content-Security-Policy
Header Value: frame-src 'self'; frame-ancestors 'self'; form-action 'self'
URL Patterns: .*/nidp/.*

The "form-action 'self'" directive prevents the browser client from sending the OAuth POST request (initiated by a form) to the AAF server. The browser developer tools can be used for troubleshooting.
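
The following check is an added example, not part of the original article or of Access Manager: it evaluates a form POST target against the form-action directive the way a browser does, for the default header above and for an amended header. The amended value (AAF origin added to form-action only), the IDP host name and the AAF endpoint path are assumptions; only 'self', 'none' and scheme://host[:port] sources are handled.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Header value from the Cause section, and an ASSUMED corrected value that
# adds the AAF origin to form-action only.
DEFAULT_CSP = "frame-src 'self'; frame-ancestors 'self'; form-action 'self'"
AMENDED_CSP = ("frame-src 'self'; frame-ancestors 'self'; "
               "form-action 'self' https://naaf.kgast.nam.com")

# Constructed sample URLs: the IDP host and the AAF path are placeholders.
IDP_PAGE = "https://idp.example.com/nidp/app/login"
AAF_POST = "https://naaf.kgast.nam.com/placeholder-oauth-endpoint"


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme)


def parse_csp(header_value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            # The first occurrence of a directive wins; duplicates are ignored.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def form_action_allows(header_value, page_url, target_url):
    """True if a form on page_url may submit to target_url under the policy."""
    policy = parse_csp(header_value)
    if "form-action" not in policy:
        return True  # form-action does not fall back to default-src
    target = origin(target_url)
    for src in policy["form-action"]:
        if src == "'self'" and target == origin(page_url):
            return True
        if "://" in src and origin(src) == target:
            return True
    return False  # includes 'none' and any source that did not match


if __name__ == "__main__":
    for name, csp in (("default", DEFAULT_CSP), ("amended", AMENDED_CSP)):
        ok = form_action_allows(csp, IDP_PAGE, AAF_POST)
        print(f"{name:8} policy: POST to AAF {'allowed' if ok else 'blocked'}")
```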