shibidp4 idp.propreties
Closed this issue · 2 comments
peppelinux commented
I think that the following could be usefull for security reasons
idp.cookie.secure = true
idp.frameoptions = DENY
malavolti commented
Hi Giuseppe and forgive me for this very late answer... :(
"idp.cookie.secure" property has been set to "false" on Shibboleth IdP v3.x for backward compatibility but should be set to true in most cases so... You are right! Fortunately, on the new Shibboleth v4.x the default value of this property has been changed to "true".
The default value of "idp.frameoptions" property has been set to "DENY" from the Shibboleth IdP v3.4.0: IdP 3.x - Release Note
Thank you so much!
peppelinux commented
better late then never 👍