Univention Bugzilla – Bug 51764
SAML login page won't load in UCS 5 portal preview due to "X-Frame-Options: SAMEORIGIN"
Last modified: 2020-10-12 12:08:35 CEST
The package univention-saml contains the file /usr/share/simplesamlphp/modules/univentiontheme/themes/univention/default/includes/header.php which unconditionally sets the "X-Frame-Options" header to "SAMEORIGIN". This is a problem when trying to use the UCS 5 portal preview (on UCS 4.4). For example, if the portal is available at https://portal.my.site and the SSO login URL is https://ucs-sso.my.site, the browser will refuse to display content from https://ucs-sso.my.site in the frame loaded from https://portal.my.site, making login impossible. Commenting out the line setting said header restores functionality. There are several UCR variables that need to be set for the UCS5 portal preview to work correctly as far as I know. They're all set. Making this header depend on one of those variables might be a solution, as might be introducing a new UCR variable solely for this purpose.
Hm, I thought it was removed in Bug #51211, but it seems to have been re-added with git:bf86f1f2467ab92ae394f94fac7eac72cdafed31.
Same here.
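One way to make the header depend on configuration, as the report suggests, without dropping clickjacking protection for the login page: send a `Content-Security-Policy: frame-ancestors` allowlist for the configured portal origins and fall back to `X-Frame-Options: SAMEORIGIN` otherwise. This is an added example, not code from univention-saml; the helper name `framing_headers()` and the idea of feeding it from a new UCR variable are assumptions.

```php
<?php
// Added example, not univention-saml code. framing_headers() is a hypothetical
// helper; the allowlist would come from configuration (for instance a new UCR
// variable, as the report suggests) and is passed in here as a plain string.

/**
 * Build the anti-framing header lines for the SSO login page.
 *
 * @param string $allowedOrigins space-separated origins allowed to frame the page
 * @return string[] header lines to pass to header()
 */
function framing_headers(string $allowedOrigins): array
{
    $origins = [];
    foreach (preg_split('/\s+/', trim($allowedOrigins), -1, PREG_SPLIT_NO_EMPTY) as $candidate) {
        $p = parse_url($candidate);
        // Accept only bare https origins: scheme + host (+ port), nothing else.
        if ($p === false || ($p['scheme'] ?? '') !== 'https' || empty($p['host'])) {
            continue;
        }
        if (array_diff(array_keys($p), ['scheme', 'host', 'port'])) {
            continue; // path, query, userinfo or fragment present
        }
        if (!preg_match('/^[a-z0-9.-]+$/i', $p['host'])) {
            continue; // rejects wildcards and characters that could break the header
        }
        $origin = 'https://' . strtolower($p['host']);
        if (isset($p['port'])) {
            $origin .= ':' . $p['port'];
        }
        $origins[$origin] = true; // array key de-duplicates repeated entries
    }

    if (!$origins) {
        // Nothing valid configured: send the same header the report describes.
        return ['X-Frame-Options: SAMEORIGIN'];
    }
    // X-Frame-Options has no widely supported way to name a cross-origin parent,
    // so it is omitted; frame-ancestors limits framing to this site and the list.
    return ["Content-Security-Policy: frame-ancestors 'self' " . implode(' ', array_keys($origins))];
}

// Constructed sample input: the portal origin from the report plus two entries
// that must be rejected (plain http, and a wildcard host with a path).
foreach (framing_headers('https://portal.my.site http://evil.example https://*.my.site/x') as $line) {
    echo $line, PHP_EOL; // in header.php this would be header($line);
}
```

If the page already sends a `Content-Security-Policy` header elsewhere, the `frame-ancestors` directive should be merged into that policy, since browsers enforce every policy they receive.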