Thursday, November 13, 2014

ADF: Login page keeps on coming back in IE (iframe)

I faced an strange issue when using ADF ui on IE 8 browser with iframe.

<html>
 <body>
 Testing ADF in iframe
 <iframe width="1490" height="619" id="TheFrame" src="http://127.0.0.1:7101/cntx-root/faces/MyTestPG" >
 </body>
</html>


I found that login page was continuously coming back even after providing correct username/password. At times I found that _afrLoop was going for an infinite loop. My ADF page was working fine on IE/Firefox/Chrome but if I load it using iframe, it was only working in firefox and chrome. IE was showing above mentioned behavior.

If we have to show secured ADF page on BAM dashboard then we may face this issue as BAM only support IE 7/8 and it will use iframe to show ADF page.

I followed it in forum https://community.oracle.com/message/12720399#12720399 and finally found that issue was because P3P policy of IE. I would like to thank Dairo for suggesting correct solution.

IE treats a website appearing in iframe as third-party and does not save cookies from it untill it has certain P3P policies in header. To know if you are hitting this issue or not just look at browser status bar at bottom and if you see an eye icon it means you are hitting same issue.


Now question is how to solve it

There could be two ways.
1. Configure IE to disable P3P check for your website: We can configure IE to allow saving cookies from our site. For that just follow these steps
   a. Go to Tools > Internet Options > Privacy.
   b. Click on Sites button and set your site


This solution is only feasible if there are very few users and they can change their IE settings.

2. Set P3P policy in response header to satisfy IE: For that we can follow these steps
   a. Create a filter and put following code in it.

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class P3PFilter implements Filter {
    private FilterConfig _filterConfig = null;

    public void init(FilterConfig filterConfig) throws ServletException {
        _filterConfig = filterConfig;
    }

    public void destroy() {
        _filterConfig = null;
    }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException,
                                                   ServletException {
        ((HttpServletResponse)response).setHeader("P3P","CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'");
        chain.doFilter(request, response);
    }
}


Before setting P3P, I would recommend to look for legal bindings of P3P.

 b. Map url with filter in web.xml
 <filter>
    <filter-name>P3PFilter</filter-name>
    <filter-class>view.com.kbace.bam.filter.P3PFilter</filter-class>
  </filter>

<filter-mapping>
    <filter-name>P3PFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

Now ADF site will have a response header and IE will allow it to set cookies when appearing in iframe.


Reference: https://community.oracle.com/message/12720399#12720399

Thanks
Sanjeev