current community

your communities

more stack exchange communities

Stack Exchange
tour help
stack overflow careers
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

We're experiencing the same problems. We have SP2010 with ADFS in place. In an iFrame we're loading an external application which is also configured to use ADFS.

If we place an on the page we can open the external app without logging in so SingleSignOn works.

However if we load the external application in an iframe we experience problems.

If we run Fiddler to see which calls are made we see the "normal" adfs flow. When adfs return with the Redirect to the url of the external app the FedAuth cookies provided are not included in the Post-request to the external app. Since the external app does not recieve the cookies we end up in an infinite loop.

The problem is caused by IE treating the authentication cookie as a third party cookie. It's security settings prevent it from adding the cookie to the request. When we change the IE privacy settings to low (accept all cookies) everything works fine.

Does anyone have any idea how we can fix this?

share|improve this question

1 Answer 1

up vote 0 down vote

We have resolved this issue once by putting a dummy "starting" page so that Sharepoint users first hit this page and are forced to authenticate in ADFS.

Then, only on a subsequent page you have your iframe. Even if the iframe doesn't get cookies from the container page, it doesn't really matter - the context is redirected to the ADFS, ADFS issues the token silently (as the user is ALREADY authenticated in ADFS) and the application hosted in the iframe processes the token.

I am not sure why you expect the ADFS response to your application to carry cookies? It never does so, it only carries the SAML token in the response body.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.