We've been asked to allow X-Frames in the CA Portal to integrate with other internal applications.

I've been told in order to do this that CA/Broadcom will need to update their Portal code to set up the x-frame property.  

Release : 4.8.1 and 4.9

Component : Test Data Manager Portal

This has been addressed in TDMWeb-4.8.219.0, and TDMWeb-4.9.95.0..

Please download the latest FDM patch from below link. Install the patch and verify the issue.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/release-announcements/Test-Data-Manager-TDM-Patches/16649

After the installation of the patch, the Portal will behave the same as before (eg. it won't be possible to use Portal in a frame) by default.

To enable x-frame support, you will need to:

1. Stop the CA Test Data Manager Portal service

2. Modify the file <TDM_ROOT>/tomcat/conf/web.xml. The Portal service should restart automatically, but it can be restarted manually too. Also don't forget you'll need elevated privileges to modify files under the Program Files directory.

3. You need to find the following block of text:

<filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
</filter>

4. Depending on you're need, change it to one of the two options:

a) If you want to allow only same host:

b) If you want to allow any host - this can be modified further to allow only specific host(s) by putting it as value of antiClickJackingUri parameter):

If you need more documentation, you can look at the Tomcat documentation, under the "HTTP Header Security Filter" section.

https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html