I have an application where I am displaying some stuff in javascript modals using jquery. It requires the user to login for certain flows, but we never leave the modal for the user.

So here is what we do currently.

  1. During the user flow, if the user needs to be logged in, we hide the current div and show a login div.
  2. Keep a hidden iframe with its source link pointing at our SSO server.
  3. Once the user submits the form, we submit the hidden iframe to the SSO server.
  4. If the user gets logged in, we proceed with the flow.

The problem is when there is an error for the user login. We need to get the error codes from the hidden iframe of the page; but because we don't control the content inside the iframe, and it's returned by the SSO server, we don't know how to read it since it's cross domain.

Any insights?

A: 

So long as there is no client-side script being executed from the SSO party, you do not need the iframe. The point of using an iframe for security is to prevent AJAX methods from ignoring single origin policy and circumventing SSL encryption. The answer is to remove the iframe. Request the SSO data from the server side and send it to the client from your server as the page is built.

The SSO server would need to set a cookie or read an existing cookie to ensure that the user is not signed in already. I won't be able to read another domain's cookie on my domain, so I need ONLY the SSO server to directly verify the signed-in status of the user. It is imperative that I have the SSO server in an iframe so that user credentials are submitted directly to it and so that it sets the cookie in the response. That is how CAS is working in our case.
Priyank
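Added example, not code from the question, the answer or CAS: if the SSO server must stay in the iframe (as the comment above says), the browser's same-origin policy still blocks the parent from reading the iframe's document, so the only way to get an error code out is for the SSO page to send it explicitly with `postMessage`, and for the parent to accept that message only after checking `event.origin`. This assumes the SSO server cooperates by posting a small result message; the origins (`https://sso.example.com`, `https://app.example.com`), the message shape (`sso-login-result`) and the error codes are constructed placeholders. `handleSsoMessage` is kept as a pure function so its checks can be exercised outside a browser.

```javascript
// Added example (not from the original thread): origin-checked postMessage
// handling for a login result sent by an SSO page in a hidden iframe.
// Assumption: the SSO server cooperates by posting a message to window.parent.
// Origins and message shape below are constructed for illustration.

const SSO_ORIGIN = "https://sso.example.com"; // constructed placeholder

// Validate one `message` event received by the parent page. Returns the
// login result, or null when the event must be ignored (wrong origin or
// wrong shape). Checking event.origin is what stops any other page that
// happens to be framed or open from injecting a fake "login failed" result.
function handleSsoMessage(event, allowedOrigin = SSO_ORIGIN) {
  if (event.origin !== allowedOrigin) return null;
  const data = event.data;
  if (!data || typeof data !== "object" || data.type !== "sso-login-result") return null;
  if (data.ok === true) return { ok: true };
  // Only accept a short, alphanumeric error code so nothing attacker-shaped
  // is ever reflected into the modal's DOM; anything else maps to UNKNOWN.
  const code =
    typeof data.errorCode === "string" && /^[A-Z0-9_]{1,32}$/.test(data.errorCode)
      ? data.errorCode
      : "UNKNOWN";
  return { ok: false, errorCode: code };
}

// Browser-side wiring for the parent page: runs only where `window` exists.
function installSsoListener(onResult, allowedOrigin = SSO_ORIGIN) {
  if (typeof window === "undefined") return false;
  window.addEventListener("message", (event) => {
    const result = handleSsoMessage(event, allowedOrigin);
    if (result) onResult(result); // e.g. show the error div or continue the flow
  });
  return true;
}

// What the cooperating SSO page would run inside the iframe after handling
// the login form (assumed code, not CAS's own). It posts to the known parent
// origin only, never "*", so the result cannot leak to an unrelated page that
// framed the SSO server.
function postLoginResult(parentWindow, parentOrigin, errorCode) {
  const msg = errorCode
    ? { type: "sso-login-result", ok: false, errorCode }
    : { type: "sso-login-result", ok: true };
  parentWindow.postMessage(msg, parentOrigin);
}
```

In the parent page you would call `installSsoListener(result => { ... })` once when the modal is created; the iframe's content stays unreadable, and the parent learns only the small, validated result the SSO page chose to send.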