Hello,

I have a IG 2.5 server, it points to another server which runs IDM 4.6
and OSP 6.1.3 2017-01-19

The OSP on the IDM server is configured to use SAML2 with NAM 4.3.

When I surf to the IG server, http://myserver:8080, I can see that I get
redirected to the IDM OSP server which in turn redirects me to the NAM
server.

But the loginpage won't show up.



I only get the top Identity Governance "logo" and a spinning icon.

I have checked that the top.jsp is configured according to TID 7004020

Also I have checked that web.xml has been configured according to TID
7018468

I have also tried to add the address to the IG server to web.xml just in
case.

If I disable SAML2 in configupdate and just use Username/Password then I
can login just fine.


Firefox console reports this:
Load denied by X-Frame-Options: https://idm.demo.live:8543/ does not
permit framing by http://ar.demo.live:8080/

ar.demo.live is the IG2.5 server

NAM has am.demo.live

This is how the filter element in NAM web.xml looks like now.

<filter>
<filter-name> httpHeaderSecurity </filter-name>
<filter-class> org.apache.catalina.filters.HttpHeaderSecurityFilt er
</filter-class>
<async-supported> true </async-supported>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<!-- Commenting out per TID 7018468 -->
<!--
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
-->
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>ALLOW-FROM</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>https://idm.demo.live:8543/</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>https://idm.demo.live:8543/osp/</param-value>
</init-param>

<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>http://ar.demo.live:8080/IDMRPT/</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>http://ar.demo.live:8080/</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>http://ar.demo.live:8080/cx/oauth.html</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>http://ar.demo.live:8080/oauth.html</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>https://idm.demo.live:8543/idmdash/</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>https://idm.demo.live:8543/IDMProv/</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>https://idm.demo.live:8543/IDMRPT/</param-value>
</init-param>
</filter>