I am trying to get Confluence 4.1.5 to work properly with IE 8, 9 and 10 with redirect from a SSO. In other words - we've hit the Privacy Policy issue (P3P).
No, I'm not a Tomcat guy. But I found some references that (I believe) told me what to do:
https://code.google.com/p/urlrewritefilter/
Based on this I was able to establish that Confluence standard installation both has:
So I tried to add the following to the urlrewrite.xml file:
<rule>
<from>/*</from>
<set type="response-header" name="P3P">CP="NON DSP COR ADM OUR STP"</set>
</rule>
This however did not work very well. To test I inserted some spelling errors (!!) and got an error message in Confluence logs. So I know that the file is read. However, I do not understand why my p3p isn't set (I have verified with IE and Firefox. The p3p value set on e.g. www.w3.org is not similarly set when I navigate Confluence).
I've opened a support case with Atlassian. But they basically state that "this is not under the support agreement" which I guess I kind of agree on.
So - can someone guide me in the right direction? Will this never work? Am I missing a crucial part?
Please not, for anyone answering, that I am really not acquainted with Tomcat at all, so consider me a Newb when you answer :)
Thank you in advance.
I had a second look at the web.xml file for the urlrewrite entry. I found that Atlassian had added specific settings for the filter to kick in. So "my" rules never actually kicked in. I changed these to /* and verified that it now worked as expected.
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<!--<url-pattern>/s/*</url-pattern>-->
<url-pattern>/*</url-pattern>
</filter-mapping>
Now I have to figure out Atlassians intention with the /s/* (I know what they do, but I do not know why they added this. Test installation seems to run just fine).