I have two different applications placed on same server.
In both the applications, i have integrated SAML authentication using SimpleSAMLPhp. Both the applications are connecting to one SAML IDP (SimpleSAMLPhp IDP) for authentication.
In one application i am loading content of another application using iframe, But when i try to load page, it gives me below error as it redirects to IDP for authentication.
Error Message : Refused to display ‘http://..’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’
I am not understanding is it because of SimpleSAMLPhp saml auth or is there something i need do for it’s working.
Advertisement
Answer
The above issue is solved. Here is what was done to solve this issue.
I am connecting to SAML IDP server from my SAML SP, but getting error when loading content in iframe.
To solve this iframe issue:
SAML IDP server is allowing our application hostname to load the page inside iframe. As they are using PingFederate SAML, they followed steps mentioned in below URL:
https://support.pingidentity.com/s/article/Unable-to-Display-content-in-a-frame
Basically they updated their header section with Content Security Policy to allow display of page in iframe.
Thank you.