Unsupported content


This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Allowing Remedy SSO to authenticate applications in iframes

To allow RSSO to launch applications in iframes, you must configure RSSO server to allow launching applications from other domains.  

Use case overview

If you have an application which is launched from the parent application in an iframe, and you want to enable the RSSO authentication flow into the child application in that iframe, you must configure the Allow-From Domains option on the RSSO server. The following diagram describes this use case:

Parent and child applications

To display Allow-From Domain(s) in the RSSO server UI

The Allow-From Domain(s) option is by default displayed only for PREAUTH authentication type, and it is not available for all other authentication types.

To display the Allow-From Domain(s) option, start RSSO server with the following JAVA option: com.bmc.rsso.show.advanced.option.ui=true.

To allow the RSSO server to launch applications in iframes

On the RSSO server, in the Administration Console, configure the Allow-From Domains option for your authentication type.


If you have authentication chains, then you must specify Allow-From Domain(s) for every authentication type in the chain.

The possible values for Allow-From Domains settings are the following:

  • * - wildcard. Allowed for all domains
  • hostname - Allowed for specified domain, ignoring port
  • hostname:port - Allowed for exact match host:port
  • proto://hostname:port - Allowed for exact match host:port (port is ignored, the actual one is taken from the original referrer).


    proto://hostname is not a supported configuration.

Was this page helpful? Yes No Submitting... Thank you