oecd adfs extension
- silent auth in our apps (DE, DLM) requires iframes
- security requires avoiding * in frame-src (cf. security audit)
- authority url was dynamically added to frame src policy (from tenants.json scope)
- oecd adfs relies on several urls in addition to the main authority url
- the auth doesn't work because additional urls are not allowed to be used in frames
- add in tenants.json in the oidc entry an array of secondary urls
- use the new entry in the router to enhance frame-src values
- do it for DE and DLM (same code)
the feature is optional and doesn't break OIDC classic usage nor Keycloak NOTclassic usage
sts-pp.oecd.org
Edited by Nicolas Briemant
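
One way the router could build the frame-src value from the tenant entry, as an added example that is not the project's own code. The key names `authority` and `secondaryUrls`, the function names, and the example.org hosts are assumptions; the actual tenants.json schema is not shown on this page.

```javascript
// Constructed sample of tenants.json. `authority` and `secondaryUrls` are
// assumed key names; the example.org hosts are placeholders.
const tenants = {
  oecd: {
    oidc: {
      authority: 'https://sts.example.org/adfs',
      secondaryUrls: ['https://sts-pp.oecd.org', 'https://login.example.org:8443/path'],
    },
  },
  // Tenant without the optional entry: must behave exactly as before.
  classic: { oidc: { authority: 'https://idp.example.org/realms/demo' } },
};

// Reduce a configured URL to a CSP host-source (scheme://host[:port]).
// Wildcards and non-https values are rejected so that a configuration
// mistake cannot reintroduce `*` into frame-src.
function toFrameSource(value) {
  if (typeof value !== 'string' || value.includes('*')) {
    throw new Error(`frame-src entry rejected: ${JSON.stringify(value)}`);
  }
  const url = new URL(value); // throws on malformed input
  if (url.protocol !== 'https:') {
    throw new Error(`frame-src entry must be https: ${value}`);
  }
  return url.origin;
}

// Build the frame-src directive for one tenant (hypothetical helper).
function buildFrameSrc(tenant) {
  const oidc = (tenant && tenant.oidc) || {};
  const sources = [];
  if (oidc.authority) sources.push(toFrameSource(oidc.authority));
  const secondary = oidc.secondaryUrls === undefined ? [] : oidc.secondaryUrls;
  if (!Array.isArray(secondary)) throw new Error('secondaryUrls must be an array');
  for (const entry of secondary) sources.push(toFrameSource(entry));
  const unique = [...new Set(sources)];
  // With nothing configured, forbid framing instead of emitting an empty list.
  return `frame-src ${unique.length ? unique.join(' ') : "'none'"}`;
}

console.log(buildFrameSrc(tenants.oecd));
console.log(buildFrameSrc(tenants.classic));
```

Failing closed on a bad entry at startup makes a misconfigured tenant visible immediately instead of silently weakening the policy.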