Change HTTP Header from PAS

This document is NOT written for PhenixID Server, but for a reverse proxy placed in front of PAS.

The reader should have some basic knowledge of reverse proxies and HTTP protocol behaviour.

Overview

PAS sets the HTTP response header X-Frame-Options to deny, for security reasons.
That header makes it impossible to put a PAS-based authentication page inside a frame-based page.
The browser displays this error when you try:

Refused to display 'https://idp.mydomain.com' in a frame because it set 'X-Frame-Options' to 'deny'

It is, however, possible to change that behaviour (at your own risk) with a reverse proxy placed in front of PAS.

Apache httpd configuration example

Find the httpd.conf configuration file (its location differs between operating systems) and add the following directive:

Header unset X-Frame-Options

The directive below should also be OK, but it doesn't replace the old deny value; it only adds a new one.

Header set X-Frame-Options "SAMEORIGIN"

Verification

Start an authentication provided by PAS.
When you are at the sign-in page, start Developer mode in your browser and choose the Network panel.
Reload the page, click on the first row and choose Headers.

The Response headers part should no longer show X-Frame-Options: deny.
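
The same verification can be scripted. The following is an added example, not part of the original document or of PhenixID's code: it reads a raw response header dump and reports whether X-Frame-Options is absent, has a single value, or appears with conflicting values (the deny plus SAMEORIGIN case described above). The function names and sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not PhenixID code. Function names and sample data are
# constructed for illustration.

# Print every X-Frame-Options value found in the response headers read
# from stdin, lower-cased, one per line. Handles CRLF line endings,
# case-insensitive header names, repeated headers and comma-joined values.
xfo_values() {
    tr -d '\r' | awk '
        /^$/ { exit }                      # blank line ends the header block
        {
            i = index($0, ":")
            if (i == 0) next               # status line, not a header
            if (tolower(substr($0, 1, i - 1)) != "x-frame-options") next
            n = split(substr($0, i + 1), parts, ",")
            for (k = 1; k <= n; k++) {
                v = tolower(parts[k])
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (v != "") print v
            }
        }'
}

# Reduce the values to one verdict: "absent", the single value in use
# (for example "deny" or "sameorigin"), or "conflicting" when the
# response carries more than one distinct value.
xfo_verdict() {
    xfo_values | sort -u | awk '
        { n++; v = $0 }
        END { if (n == 0) print "absent"
              else if (n == 1) print v
              else print "conflicting" }'
}

# Constructed sample: proxy added SAMEORIGIN next to the backend's deny.
sample_both() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n'
    printf 'X-Frame-Options: deny\r\nx-frame-options: SAMEORIGIN\r\n\r\n'
}

# Constructed sample: proxy removed the header with "Header unset".
sample_unset() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

echo "both:  $(sample_both | xfo_verdict)"    # conflicting
echo "unset: $(sample_unset | xfo_verdict)"   # absent
```

Against a live proxy, pipe real headers into the function, for example: curl -sI https://idp.mydomain.com | xfo_verdict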