ADFS Response header X-Frame Option

  • Question

  • Hello,

    I need to configure the X-Frame header for ADFS. Now ADFS 3.0 is not IIS based, so I cannot even utilize an HTTP module. How can I achieve this functionality?

    I have a business requirement to show data inside an iframe for a conglomeration of different applications. Your input is really appreciated here.

    Thanks 

    Umang


    umang

    Thursday, May 26, 2016 9:07 AM


All replies

  • You mean the X-Frame-Options which is set to Deny?

    You cannot change it. It is a design decision for security reasons.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.



    Thursday, May 26, 2016 2:22 PM
  • Pierre Audonnet,

    Thanks for the quick response, but I want to know any suggestions to achieve a similar goal. The business needs this for sure. Here are my application designs.

    1. ADFS server.

    2. SharePoint (relying party)

    3. Around 200 .NET applications (converted to relying parties for ADFS).

    Now we want to combine all of these as one global solution. We want to aggregate this, and I don't see any other way than having this as an iframe (web part) in SharePoint.

    Please let me know how I can achieve this. (I can't convert all applications into SharePoint apps in a short span.)

    Thanks


    umang

    Friday, May 27, 2016 9:36 AM
  • If you make sure that you are logged in before you are displaying the Iframe, you should get SSO, and this will work.

    The X-Frame-Options header is only set by ADFS for the Login page.


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    Friday, May 27, 2016 1:50 PM
  • Pierre,

    It worked in IE in a few scenarios, but it never works in Chrome.
    Chrome is not showing an error but is showing an empty region.

    But I guess there is no solution to this? Is there any way Microsoft User Voice can make this an optional feature, the way it was in ADFS 2.0, to configure the X-Frame option?


    umang

    Friday, July 15, 2016 2:33 PM
  • It worked in IE in a few scenarios, but it never works in Chrome.
    Chrome is not showing an error but is showing an empty region.

    umang

    Friday, July 15, 2016 2:35 PM
  • How can I make sure that I received the logged-on token (bearer) in the iframe so this will work programmatically?

    Thanks


    • Edited by shah5522 Thursday, August 4, 2016 2:20 PM
    Thursday, August 4, 2016 2:19 PM
  • I am not sure what you mean then. The header is always set to deny for the actual login page.

    Can you give more details on the architecture (auth scheme) of these pages?


    Thursday, August 4, 2016 2:35 PM
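
As an added example that is not part of the original thread or any poster's code: a small JavaScript check that walks a captured redirect chain for a framed relying-party page and reports the response whose X-Frame-Options header stops the frame from rendering, in line with the replies above that only the ADFS login page carries the header. All hostnames and both sample captures are constructed, and only X-Frame-Options is evaluated.

```javascript
// Added example. Hostnames, paths and captured headers are constructed samples.
const PARENT = 'https://portal.example.com';

// Case-insensitive header lookup on a plain object.
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name);
  return key ? String(headers[key]).trim().toUpperCase() : null;
}

// Decide whether one response may render inside a frame on parentOrigin.
// Only X-Frame-Options is modelled; SAMEORIGIN is compared to the top page only.
function frameVerdict(hop, parentOrigin) {
  const xfo = header(hop.headers, 'x-frame-options');
  if (xfo === 'DENY') return { allowed: false, reason: 'X-Frame-Options: DENY' };
  if (xfo === 'SAMEORIGIN' && new URL(hop.url).origin !== parentOrigin) {
    return { allowed: false, reason: 'X-Frame-Options: SAMEORIGIN, different origin' };
  }
  return { allowed: true, reason: xfo ? `X-Frame-Options: ${xfo}` : 'no X-Frame-Options' };
}

// Redirects (3xx) are followed, not rendered, so only document responses are checked.
function firstBlockedHop(chain, parentOrigin) {
  for (const hop of chain) {
    if (hop.status >= 300 && hop.status < 400) continue;
    const verdict = frameVerdict(hop, parentOrigin);
    if (!verdict.allowed) return { url: hop.url, reason: verdict.reason };
  }
  return null;
}

// Constructed capture 1: no ADFS session yet, so the frame lands on the login page.
const noSession = [
  { url: 'https://app1.example.com/', status: 302, headers: { Location: 'https://sts.example.com/adfs/ls/' } },
  { url: 'https://sts.example.com/adfs/ls/', status: 200, headers: { 'X-Frame-Options': 'DENY' } },
];

// Constructed capture 2: user signed in before the frame loaded (SSO), no login page shown.
const withSession = [
  { url: 'https://app1.example.com/', status: 302, headers: { Location: 'https://sts.example.com/adfs/ls/' } },
  { url: 'https://sts.example.com/adfs/ls/', status: 200, headers: {} },
  { url: 'https://app1.example.com/', status: 200, headers: {} },
];

console.log(firstBlockedHop(noSession, PARENT));   // the login page hop
console.log(firstBlockedHop(withSession, PARENT)); // null
```

Feeding it the hops recorded in the browser's network panel for the empty frame shows whether the frame ended on the login page or was blocked somewhere else.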