3.1.3 Configuring a Custom Response Header for an Identity Server Cluster

You can configure custom response headers for each Identity Server cluster based on your enterprise’s requirement. In addition, you can create the Content Security Policy (CSP) header for securing the communication between the client browser and Identity Server.

NOTE: If you create a CSP header, it is recommended to disable the X-Frame option to avoid any conflicts with the CSP header.

To add a custom response header to the required URL, perform the following steps:

  1. On the Home page, click Identity Servers > [cluster name] > Response Headers.

  2. Click the Plus icon and specify the following details:

    Header Name: The name of the required header.

    Header Value: The value for the header.

    URL Pattern: The regular expression (regex) that identifies the URL paths to which this header must be added.

    This value is matched against the path that follows the port number in the destination URL.

    For more information about using regular expressions, see Regular Expressions.

  3. Click Save.

For example, assume you have an Identity Server cluster named IDP-cluster. To add a CSP header with frame-ancestors, form-action, and frame-src policies to all URL paths that include /nidp, perform the following steps:

  1. On the Home page, click Identity Servers > [cluster name] > Response Headers.

  2. Click the Plus icon and specify the following details:

    Header Name: Content-Security-Policy

    Header Value: frame-src 'self'; frame-ancestors 'self'; form-action 'self'

    NOTE: The source value in this example is 'self'. You can use any value from the CSP source list except 'nonce-' and 'sha256-'.

    URL Pattern: .*/nidp/.*

  3. Click Save.

NOTE: When integrated with Advanced Authentication using the generic method, configure the CSP header by adding Advanced Authentication as an allowed source. For more information, see TID.

To add the Cache-Control header, perform the following steps:

  1. On the Home page, click Identity Servers > [cluster name] > Response Headers.

  2. Click the Plus icon and specify the following details:

    Header Name: Cache-Control

    Header Value: no-cache,no-store

    URL Pattern: /.*

  3. Click Save.
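The following Python script is an added example, not code from Identity Server or its documentation. It models the two rules configured above (the CSP header on .*/nidp/.* and Cache-Control on /.*) as data, shows which headers a given destination URL would receive when the URL Pattern is matched against the path after the port, flags the 'nonce-' and 'sha256-' sources the note says cannot be used, and reports paths on which an X-Frame-Options rule would be sent together with a CSP frame-ancestors directive (the conflict the first note warns about). The rule set, the host name idp.example.com:8443, and the choice of full-path regex matching without the query string are assumptions for illustration only.

```python
import re
from urllib.parse import urlsplit

# Constructed rule set mirroring the two headers configured on this page.
# Hypothetical data for illustration, not an export from Identity Server.
RESPONSE_HEADER_RULES = [
    {
        "name": "Content-Security-Policy",
        "value": "frame-src 'self'; frame-ancestors 'self'; form-action 'self'",
        "url_pattern": r".*/nidp/.*",
    },
    {
        "name": "Cache-Control",
        "value": "no-cache,no-store",
        "url_pattern": r"/.*",
    },
]


def request_path(url):
    """Return the path that follows host and port, which is what URL Pattern
    is matched against. Assumption: the query string is not part of the match."""
    path = urlsplit(url).path
    return path or "/"


def headers_for(url, rules=RESPONSE_HEADER_RULES):
    """Collect every configured header whose URL Pattern matches the path.
    Assumptions: the regex must match the whole path (re.fullmatch), and when
    two rules share a header name the later rule's value wins."""
    path = request_path(url)
    selected = {}
    for rule in rules:
        if re.fullmatch(rule["url_pattern"], path):
            selected[rule["name"]] = rule["value"]
    return selected


def csp_source_problems(csp_value):
    """Report CSP sources the page says are not usable in this header
    ('nonce-' and 'sha256-'). Returns one message per offending source."""
    problems = []
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name, sources = tokens[0], tokens[1:]
        for src in sources:
            if src.lower().startswith(("'nonce-", "'sha256-")):
                problems.append(f"{name}: source {src} is not supported here")
    return problems


def frame_header_conflicts(rules, sample_paths):
    """Return the sample paths on which both an X-Frame-Options header and a
    CSP header carrying frame-ancestors would be sent. Overlap between two
    regexes is checked on concrete sample paths rather than decided in general."""
    conflicts = []
    for path in sample_paths:
        # Hypothetical host; only the path part influences the match.
        sent = headers_for("https://idp.example.com:8443" + path, rules)
        csp = sent.get("Content-Security-Policy", "")
        if "frame-ancestors" in csp and "X-Frame-Options" in sent:
            conflicts.append(path)
    return conflicts


if __name__ == "__main__":
    for url in ("https://idp.example.com:8443/nidp/app/login",
                "https://idp.example.com:8443/sspr/"):
        print(url, "->", headers_for(url))
    for rule in RESPONSE_HEADER_RULES:
        if rule["name"] == "Content-Security-Policy":
            print("CSP problems:", csp_source_problems(rule["value"]))
```

Run the script as-is to see the headers each sample URL receives; to check a planned change, append the new rule dictionary to RESPONSE_HEADER_RULES and call frame_header_conflicts with the paths you care about before saving the rule in the administration console.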