ADFS 4-将"X-Frame-Options"设置为"deny" [英] ADFS 4 -'X-Frame-Options' to 'deny'

问题描述

我在Dynamics CRM中嵌入了一个aspx页面. aspx页面使用openId和adfs应用程序组进行身份验证，并且一直在进行工作，直到安全更新KB4493473(假设更新引起了该问题).在更新之前，当用户加载CRM表单时，iframe将无缝加载而不会出现问题或身份验证提示. 从更新开始，控制台将显示以下消息:' https://sts ... . .& x-client-SKU = ID_NET451& x-client-ver = 5.2.1.0'，因为它会将"X-Frame-Options"设置为"deny".

我还没有找到使adfs不发送该X帧头的方法，这里有任何解决方法吗?

此命令已针对ADFS 2019进行了说明(但也适用于ADFS 4):https://sts...... &x-client-SKU=ID_NET451&x-client-ver=5.2.1.0' in a frame because it set 'X-Frame-Options' to 'deny'.

I have not found any way to have adfs NOT send that x-frame header, is there any workaround here?

解决方案

We had a similar problem since some week on a project I work on (iFrame integration not working any more because of ADFS, apparently since May Windows cumulative update has been installed)

Luckily, a colleague found a workaround with this ADFS PowerShell command :

Set-AdfsResponseHeaders -RemoveHeaders "X-Frame-Options"

This command is documented for ADFS 2019 (but works on ADFS 4 too) : https://docs.microsoft.com/fr-fr/windows-server/identity/ad-fs/operations/customize-http-security-headers-ad-fs

Hope this will help. Regards,

这篇关于ADFS 4-将"X-Frame-Options"设置为"deny"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！