When a single sign-on (SSO) authentication page is embedded in another web browser frame, you may encounter authentication errors that can be frustrating for your users. Some learning management systems, such as Schoology, may embed the page this way by default. This can result in an authentication error, even when the user enters their credentials correctly. For example -
When you embed an SSO authentication page in a web browser frame, you may encounter Cross-Origin Resource Sharing (CORS) issues. SSO pages often reside on a different domain than the website where they are embedded, which can lead to security restrictions that prevent the web page from making requests to the SSO server. This can result in authentication errors, and the user may not be able to log in.
Avoid embedding the SSO authentication page directly in an iframe. Instead, redirect the user to the SSO page so that it is displayed in a separate browser tab or window, which reduces the chance of errors.
SSO relies on cookies and sessions to maintain user authentication. When you embed the SSO authentication page in a web browser frame, the browser's same-origin policy can interfere with cookie and session handling. This can lead to authentication errors or being unable to log in. Consider implementing a full-page redirect to the SSO page to ensure that cookies and sessions are properly maintained without same-origin policy restrictions.
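One way to apply the redirect advice above on the embedding page, shown as an added example (not code from this article or from any SSO or LMS vendor): the login button checks whether the page is running inside a frame and, if so, opens the SSO page in a new tab; otherwise it performs a full-page redirect. `SSO_URL` and the element id `sso-login` are constructed placeholders.

```javascript
// Added example: always show the SSO page as a top-level document.
// SSO_URL and the "sso-login" element id are constructed placeholders.
const SSO_URL = "https://sso.example.com/login";

// True when this document is rendered inside a frame (e.g. an LMS iframe).
function isFramed(win) {
  try {
    return win.self !== win.top;
  } catch (err) {
    return true; // if the check itself fails, assume we are framed
  }
}

// Decide how to reach the SSO page; refuse anything that is not https.
function planSsoLaunch(win, ssoUrl) {
  const url = new URL(ssoUrl);
  if (url.protocol !== "https:") {
    throw new Error("SSO URL must use https");
  }
  return isFramed(win)
    ? { mode: "new-tab", href: url.href }   // framed: separate tab or window
    : { mode: "redirect", href: url.href }; // top level: full-page redirect
}

// Carry out the plan. Call this from a click handler so the browser
// treats the new tab as user-initiated rather than a blocked popup.
function launchSso(win, ssoUrl) {
  const plan = planSsoLaunch(win, ssoUrl);
  if (plan.mode === "new-tab") {
    win.open(plan.href, "_blank", "noopener");
  } else {
    win.location.assign(plan.href);
  }
  return plan;
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const button = document.getElementById("sso-login");
  if (button) {
    button.addEventListener("click", () => launchSso(window, SSO_URL));
  }
}
```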