Refused to display ‘http://..’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’ when trying to connect to SAML IDP via iframe

I have two different applications placed on the same server.
In both applications, I have integrated SAML authentication using SimpleSAMLphp. Both applications connect to one SAML IDP (SimpleSAMLphp IDP) for authentication.

In one application I am loading content of another application using an iframe, but when I try to load the page, it gives me the error below as it redirects to the IDP for authentication.

Error message: Refused to display ‘http://..’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’

I do not understand whether it is because of the SimpleSAMLphp SAML auth or whether there is something I need to do for it to work.

Answer

The above issue is solved. Here is what was done to solve it.
I am connecting to the SAML IDP server from my SAML SP, but was getting an error when loading content in an iframe.

To solve this iframe issue:
The SAML IDP server is allowing our application hostname to load the page inside an iframe. As they are using PingFederate SAML, they followed the steps mentioned at the URL below:
https://support.pingidentity.com/s/article/Unable-to-Display-content-in-a-frame

Basically, they updated their header section with a Content Security Policy to allow display of the page in an iframe.

Thank you.
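
The fix described in the answer, as an added example (not code from the original post, PingFederate or SimpleSAMLphp): a simplified model of the browser's framing check, in which a CSP `frame-ancestors` directive, when present, is evaluated instead of `X-Frame-Options`. The hostnames are constructed, and the model assumes a single policy and a single direct parent frame.

```javascript
// Added example: simplified model of a browser's framing check.
// Assumes one CSP policy and one direct parent; real browsers check every ancestor.
const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

// Match one frame-ancestors source expression against the embedding (parent) origin.
function sourceMatches(source, parent, self) {
  if (source === '*') return true;
  if (source === "'self'") return parent.origin === self.origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return parent.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:\/]+)(?::(\d+|\*))?(?:\/.*)?$/i.exec(source);
  if (!m) return false;
  // Simplification: exact scheme match (browsers also let an http source match https).
  const scheme = m[1] ? m[1].toLowerCase() + ':' : self.protocol;
  if (parent.protocol !== scheme) return false;
  const host = m[2].toLowerCase();
  const hostOk = host.startsWith('*.')
    ? parent.hostname.endsWith(host.slice(1)) // wildcard covers subdomains only
    : parent.hostname === host;
  const parentPort = parent.port || DEFAULT_PORT[parent.protocol];
  const portOk = m[3] === '*' || parentPort === (m[3] || DEFAULT_PORT[scheme]);
  return hostOk && portOk;
}

// Decide whether the page at framedUrl may render inside a frame on parentUrl.
function framingDecision(headers, framedUrl, parentUrl) {
  const self = new URL(framedUrl);
  const parent = new URL(parentUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  // frame-ancestors, when present, is used instead of X-Frame-Options.
  const directive = (h['content-security-policy'] || '')
    .split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const ok = directive.slice(1).some(s => sourceMatches(s, parent, self));
    return { allowed: ok, decidedBy: 'frame-ancestors' };
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, decidedBy: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN')
    return { allowed: parent.origin === self.origin, decidedBy: 'x-frame-options' };
  return { allowed: true, decidedBy: 'none' };
}

// Constructed sample: the IdP login page framed by the application (hostnames are made up).
const idp = 'https://idp.example.test/sso', app = 'https://app.example.test/portal';
console.log(framingDecision({ 'X-Frame-Options': 'SAMEORIGIN' }, idp, app));
console.log(framingDecision({ 'X-Frame-Options': 'SAMEORIGIN',
  'Content-Security-Policy': "frame-ancestors 'self' https://app.example.test" }, idp, app));
```

Listing only the exact application origin in `frame-ancestors` keeps the login page protected against framing by any other site, which a `*` source would not.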

User contributions licensed under: CC BY-SA