
47qaz (47qaz) asked a question.
This is not about running Okta in an iframe, I see all of those questions and this is a bit different.
We have an existing application (APP X on DOMAIN A) which is authenticated and is acting as a resource server; it has an integration to a third-party application (APP Y on DOMAIN B) that runs in an iframe embedded on a page within APP X. The third party app is not authenticated today.
The desire is to add authentication and identity to APP Y. We can make modifications to both applications (but not change their domains). Can anyone point to a reference or suggest an approach?
I am guessing we could pass the token using window.postMessage() and watch for changes and relay them along to the iFrame? Is there something bad about this I don't understand?
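
The postMessage relay the question describes, as an added example that is not part of the original post or Okta's own code: APP X answers token requests only from its APP Y iframe, and APP Y accepts tokens only from APP X. The two origin constants, the message type names and the `getAccessToken`/`onToken` callbacks are assumptions standing in for DOMAIN A, DOMAIN B and each application's own code.

```javascript
// Placeholder origins (assumptions) standing in for DOMAIN A and DOMAIN B.
const PARENT_ORIGIN = "https://app-x.domain-a.example";
const CHILD_ORIGIN = "https://app-y.domain-b.example";

// APP X side. frameWindow is iframe.contentWindow; getAccessToken is a
// hypothetical callback returning the token APP X wants APP Y to use.
function createParentRelay(frameWindow, getAccessToken) {
  // Explicit targetOrigin, never "*": the browser discards the message if
  // the frame is showing any origin other than CHILD_ORIGIN.
  const send = () => frameWindow.postMessage(
    { type: "token", accessToken: getAccessToken() }, CHILD_ORIGIN);
  const onMessage = (event) => {
    if (event.origin !== CHILD_ORIGIN) return false; // unexpected sender origin
    if (event.source !== frameWindow) return false;  // not the embedded frame
    if (!event.data || event.data.type !== "token-request") return false;
    send();
    return true;
  };
  return { onMessage, send }; // call send() again whenever the token is renewed
}

// APP Y side. parentWindow is window.parent; onToken is a hypothetical
// callback that hands the token to APP Y's own code.
function createChildReceiver(parentWindow, onToken) {
  const onMessage = (event) => {
    if (event.origin !== PARENT_ORIGIN) return false; // only APP X may supply tokens
    if (event.source !== parentWindow) return false;  // must come from the embedding page
    const d = event.data;
    if (!d || d.type !== "token" || typeof d.accessToken !== "string") return false;
    onToken(d.accessToken);
    return true;
  };
  const requestToken = () =>
    parentWindow.postMessage({ type: "token-request" }, PARENT_ORIGIN);
  return { onMessage, requestToken };
}

// Browser wiring, one line per application:
//   APP X: window.addEventListener("message", relay.onMessage);
//   APP Y: window.addEventListener("message", receiver.onMessage); receiver.requestToken();
```

Whatever token is relayed is a bearer token that APP Y can use with its full scope, so a token issued for APP Y's own audience is a tighter fit than APP X's own token.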

In order to be able to help you most efficiently, I recommend that you open a case with us to investigate your environment and provide you with the best solution.