This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 65%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
Hi All,
I have an enterprise application integrated with Azure AD using SAML SSO. Also, all the users in the tenant has MFA and SSPR enabled with few users yet to configure their SSPR.
Architecture of application:
Enterprise app is similar to an appstore where we have links to many sub apps. Upon clicking a sub app, an iframe loads with in the Home page and inside that iframe, we are loading the sub app. So whenever the user who has not configured the SSPR tries to login, it will always redirect to the configuration page and they usually skips the setup and lands on the home page. And now the same user clicks on the sub app and when the sub app gets opened in an iframe, we will see an error message saying login.microsoftonline refused to connect.
Can someone share your thoughts here. Is it because we opening the sub app in iframe. I can see in network trace that , the sub app is also redirecting to login.microsoftonline for the sspr setup. Please share your though to avoid this situation.
Thank you
Diljith.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 1%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Did you manage to solve this issue ? we are having the same issue and struggling for the solution.
Please help if you managed to resolve it.
-Sudhir.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 71%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Hi,
Has anyone managed to solve this? The approach using 3rd party cookies did not help for us. For us we try to embed a page using SharePoint "embed"/IFrame. That embedded page needs authentication using an oauth flow. Technically this is achieved through traefik auth: https://github.com/thomseddon/traefik-forward-auth
If the user has ever before accessed the application it is working fine. But if not I'm redirected to the login.microsoftonline page. And that denies to be shown in an IFrame.
Is there any way to tell SharePoint that it is okay to show the login page in an IFrame? Or would I need to modify the login flow from traefik to open the login page in a pop-up (which would probably also be blocked and would make it difficult to continue after completing the login in the original page/IFrame). The second approach is especially difficult since I think from traefik I cannot know if the oauth flow on MS side would need to redirect me to login.microsoftonline or not.
I've tried to discuss this
https://github.com/thomseddon/traefik-forward-auth/pull/264 there as well, but I think this can only be fixed by Microsoft...
Hi,
have there been any changes in this field during the last 2-3 weeks? I've had a clearly reproducible test case for this and now I'm not longer able to reproduce the issue. Basically this is good obviously, but why?
BR
Johannes
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 44%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Try these, it should work for different browsers.
https://blog.atwork.at/medium.aspx?id=c14c3ae3-3aba-429d-a748-b74283dbd463&date=/post/2020/09/13/
Note : You can use Firefox to get it worked rather edge.
Happy SharePointing!! :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 41%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
Thanks this worked for me
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 94%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Thanks this also worked for me
I would look in the developer tools when the iframe is loading and see why it is blocked. I suspect the site either has an x-frame-option or content-security-policy which is preventing the site being loaded in an iframe.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 8%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
We are having these same issues. Would the x-frame-options need to be set on login.microsoftonline.com? We don't control this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@Diljith PC Thanks for reaching out and apologies for delay on this.
Due to the popularity of clickjacking on the internet, it is common to prevent login pages from being display inside frames. The X-FRAME-Options meta tag in HTML makes it easy for providers to implement this safeguard on a widespread or domain/origin-specific basis.
So as your page sends the request for login before doing SSPR it would fail.
Can you try popups/add-in communication via web sockets in your app to handle the login request.
Read more here : https://learn.microsoft.com/en-us/archive/blogs/richard_dizeregas_blog/connecting-to-office-365-from-an-office-add-in#mastering-the-popup
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community
Did you manage to solve this issue ? we are having the same issue and struggling for the solution.
Please help if you managed to resolve it.
-Sudhir.