Allowing Remedy SSO to authenticate applications in iframes
To allow RSSO to launch applications in iframes, you must configure RSSO server to allow launching applications from other domains.
Use case overview
If you have an application which is launched from the parent application in an iframe, and you want to enable the RSSO authentication flow into the child application in that iframe, you must configure the Allow-From Domains option on the RSSO server. The following diagram describes this use case:
To display Allow-From Domain(s) in the RSSO server UI
The Allow-From Domain(s) option is by default displayed only for PREAUTH authentication type, and it is not available for all other authentication types.
To display the Allow-From Domain(s) option, start RSSO server with the following JAVA option: com.bmc.rsso.show.advanced.option.ui=true.
To allow the RSSO server to launch applications in iframes
On the RSSO server, in the Administration Console, configure the Allow-From Domains option for your authentication type.
If you have authentication chains, then you must specify Allow-From Domain(s) for every authentication type in the chain.
The possible values for Allow-From Domains settings are the following:
- * - wildcard. Allowed for all domains
- hostname - Allowed for specified domain, ignoring port
- hostname:port - Allowed for exact match host:port
proto://hostname:port - Allowed for exact match host:port (port is ignored, the actual one is taken from the original referrer).
proto://hostname is not a supported configuration.