Description:
I have an application, developed using Spring Boot, in which I launch multiple applications in HTML iFrame windows. This application uses Keycloak for identity management, and the goal is to log in only on the home screen of the central application and have all the iFrame applications use the already generated token for their authentication. This scenario works fine with the other applications I have tried, but it does not work as expected with Rocket.Chat.
When I open the iFrame with the Rocket.Chat application, it cannot identify that I have already logged in, and when I click the 'Login with Keycloak' button I receive the following error on the console for the request for the file /font/fontello.woff2:
Refused to frame 'keycloak url' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
If I have already logged in in a separate window, the iFrame loads as expected with the home screen of the logged-in user, but what I need is to use Rocket.Chat only from the iFrame and log in only once for all the applications I am using.
Steps to reproduce:
I have disabled 'Restrict access inside any iframe' in order to enable iFrame usage, and I have followed these steps for setting up the Keycloak authorization: https://docs.rocket.chat/guides/administrator-guides/authentication/oauth/keycloak (I am using the same client for both Rocket.Chat and all the other applications).
Expected behavior:
The expected behavior is for Rocket.Chat to use the generated token and auto-login the user.
Actual behavior:
Rocket.Chat displays the login page.
Server Setup Information:
Client Setup Information
Additional context
Relevant logs:
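The console error quoted in the report is produced by the browser, not by Rocket.Chat: the Keycloak login page is served with a Content-Security-Policy header whose `frame-ancestors 'self'` directive forbids any cross-origin page (here the Rocket.Chat iframe and, above it, the Spring Boot portal) from embedding it, so disabling Rocket.Chat's own iframe restriction cannot fix it. The evaluator below is an added example, not code from the issue or from Rocket.Chat or Keycloak; it implements the `frame-ancestors` matching rules for the common source forms ('self', 'none', '*', scheme-source, host-source with optional `*.` wildcard and port) and checks a constructed ancestor chain against a same-origin-only policy and against a policy that names the embedding origins explicitly. The origins `sso.example.test`, `chat.example.test` and `portal.example.test` are made up for the example.

```javascript
// Added example (not from the Rocket.Chat issue or project): a minimal evaluator for the
// CSP `frame-ancestors` directive. It answers "may a document served with this CSP be
// embedded by this chain of ancestor origins?" the way the browser does when it emits
// "Refused to frame ... because an ancestor violates ... frame-ancestors".
// It covers 'self', 'none', '*', scheme-source and host-source (with *. wildcard and
// port); it omits the spec's scheme-upgrade and IP-literal corner cases.

// Parse a Content-Security-Policy header value into { directive: [source, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const raw of header.split(";")) {
    const tokens = raw.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Does one source expression match an ancestor origin (absolute URL string)?
// `selfOrigin` is the origin of the framed document and is what 'self' refers to.
function sourceMatches(source, ancestorUrl, selfOrigin) {
  const ancestor = new URL(ancestorUrl);
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "*") return true;
  if (src === "'self'") return ancestor.origin === new URL(selfOrigin).origin;
  // scheme-source, e.g. "https:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return ancestor.protocol === src;
  // host-source: [scheme://][*.]host[:port|:*]
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && scheme + ":" !== ancestor.protocol) return false;
  const aHost = ancestor.hostname;
  // "*.example.test" matches subdomains only, not example.test itself.
  const hostOk = wildcard ? aHost.endsWith("." + host) : aHost === host;
  if (!hostOk) return false;
  const defaultPort = { "https:": "443", "http:": "80" }[ancestor.protocol] || "";
  const aPort = ancestor.port || defaultPort;
  if (port === undefined) {
    if (aPort !== defaultPort) return false; // no port given: default port only
  } else if (port !== "*" && port !== aPort) {
    return false;
  }
  return true;
}

// Every ancestor, from the immediate parent up to the top-level window, must match at
// least one source; a single non-matching ancestor makes the browser refuse the frame.
function framingAllowed(cspHeader, selfOrigin, ancestorOrigins) {
  const sources = parseCsp(cspHeader)["frame-ancestors"];
  if (!sources) return true; // no directive: CSP does not restrict (X-Frame-Options still might)
  return ancestorOrigins.every((a) => sources.some((s) => sourceMatches(s, a, selfOrigin)));
}

// Constructed scenario: Keycloak at sso.example.test is loaded inside the Rocket.Chat
// iframe (chat.example.test), which itself sits inside the portal (portal.example.test).
const KEYCLOAK_ORIGIN = "https://sso.example.test";
const ANCESTORS = ["https://chat.example.test", "https://portal.example.test"];
// Same-origin-only policy, the form quoted in the console error.
const RESTRICTIVE_CSP = "frame-src 'self'; frame-ancestors 'self'; object-src 'none';";
// Policy that names the embedding origins explicitly; prefer this over '*' so that an
// arbitrary third-party site cannot frame the login page for clickjacking.
const RELAXED_CSP =
  "frame-src 'self'; frame-ancestors 'self' https://chat.example.test https://portal.example.test; object-src 'none';";

console.log("restrictive policy allows framing:", framingAllowed(RESTRICTIVE_CSP, KEYCLOAK_ORIGIN, ANCESTORS));
console.log("relaxed policy allows framing:", framingAllowed(RELAXED_CSP, KEYCLOAK_ORIGIN, ANCESTORS));
```

Note that both the iframe's origin and every origin above it must be listed, since the browser checks the whole ancestor chain. The header in question is set by Keycloak, not Rocket.Chat (in the admin console it is under the realm's Security Defenses headers, where X-Frame-Options is also configured and must agree with the CSP), so relaxing it is a deliberate decision about which sites may frame the login page, and it should name exactly those sites rather than `*`.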