
I have two different applications placed on the same server. In both applications, I have integrated SAML authentication using SimpleSAMLphp. Both applications connect to one SAML IDP (SimpleSAMLphp IDP) for authentication.

In one application I am loading content of the other application using an iframe, but when I try to load the page, it gives me the error below as it redirects to the IDP for authentication.

Error Message : Refused to display 'http://..' in a frame because it set 'X-Frame-Options' to 'sameorigin'

I don't understand whether this is because of the SimpleSAMLphp SAML auth, or whether there is something I need to do to make it work.

nikhilp
  • It's because of the settings on the server which serves the page you're trying to put into the iframe. It does not allow you to put that page into an iframe on another website. You can find out more about X-Frame-Options here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options. There's nothing you can do about this error, unless you control the server/code which is serving that URL. – ADyson Sep 30 '20 at 12:24
  • I would guess therefore, that you are not implementing the system in the way it's designed. I suggest reviewing any documentation or examples available to you and comparing to your own implementation. – ADyson Sep 30 '20 at 12:25
  • Thank you for the response. Checking the link you have shared. – nikhilp Oct 01 '20 at 07:23
  • Hello, this issue is solved. The SAML IDP server that I was making calls to from my server made some changes mentioned here: https://support.pingidentity.com/s/article/Unable-to-Display-content-in-a-frame It is related to Content-Security-Policy. Thank you. – nikhilp Oct 29 '20 at 07:20
  • That's great. If the issue is solved, please write it as an Answer in the section below, then a) it can be accepted (by you - you can answer your own questions!), b) people can vote on it, and c) it will be searchable by people who have a similar issue in future (comments are not easily searchable). Thanks. – ADyson Oct 29 '20 at 09:46

1 Answer


The above issue is solved. Here is what was done to solve it. I am connecting to the SAML IDP server from my SAML SP, but I was getting an error when loading content in an iframe.

To solve this iframe issue, the SAML IDP server now allows our application hostname to load the page inside an iframe. As they are using PingFederate SAML, they followed the steps mentioned at the URL below: https://support.pingidentity.com/s/article/Unable-to-Display-content-in-a-frame

Basically, they updated their header section with a Content Security Policy to allow display of the page in an iframe.

Thank you.

nikhilp
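
The browser-side decision behind the error above, as an added example that is not part of the original post or of SimpleSAMLphp or PingFederate: it approximates how `X-Frame-Options` and the CSP `frame-ancestors` directive are evaluated for one parent page, so an IdP header change can be checked to admit only the intended application origin. The hostnames and the helper names `sourceMatches` and `framingAllowed` are assumptions made for illustration.

```javascript
// Added example. Approximates the browser's framing check for ONE parent page.
// Header names must be lower-cased by the caller; all hostnames are constructed.
function sourceMatches(source, parent, self) {
  if (source === "'none'") return false;
  if (source === "'self'") return parent.origin === self.origin;
  if (source === '*') return true;
  const pScheme = parent.protocol.slice(0, -1);
  // scheme-source such as "https:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === parent.protocol;
  // host-source: [scheme://][*.]host[:port]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/]+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const wanted = (scheme || self.protocol.slice(0, -1)).toLowerCase();
  // an http source also matches the https upgrade of the same host
  if (pScheme !== wanted && !(wanted === 'http' && pScheme === 'https')) return false;
  const h = host.toLowerCase();
  // "*.example.test" covers subdomains only, never example.test itself
  if (wildcard ? !parent.hostname.endsWith('.' + h) : parent.hostname !== h) return false;
  if (!port) return parent.port === ''; // no port in the source: default port only
  const effective = parent.port || (pScheme === 'https' ? '443' : '80');
  return port === '*' || port === effective;
}

function framingAllowed(headers, parentOrigin, framedUrl) {
  const parent = new URL(parentOrigin), self = new URL(framedUrl);
  const csp = headers['content-security-policy'] || '';
  const directive = csp.split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  // When frame-ancestors is present, browsers ignore X-Frame-Options.
  if (directive) return directive.slice(1).some(s => sourceMatches(s, parent, self));
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return parent.origin === self.origin;
  return true; // no framing restriction was sent
}

// Constructed headers: before and after an IdP-side change like the one in the answer.
const before = { 'x-frame-options': 'sameorigin' };
const after = { 'x-frame-options': 'sameorigin',
  'content-security-policy': "frame-ancestors 'self' https://app1.example.test" };
const IDP_URL = 'https://idp.example.test/sso';
console.log(framingAllowed(before, 'https://app1.example.test', IDP_URL));
console.log(framingAllowed(after, 'https://app1.example.test', IDP_URL));
console.log(framingAllowed(after, 'https://other.example.test', IDP_URL));
```

Listing one exact origin in `frame-ancestors`, as in the `after` policy, keeps the login page unframeable by every other site.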