Pretty much every Authorization Server login screen will refuse to render on an iframe by default, as a protection against clickjacking. So redirecting on an iframe will not work. There may be a way to allow this in Azure but I kind of doubt it.
Not sure if there is a solution in sight for you, and it is not a simple thing you are asking for. As a general rule you need to design for security early. A couple of possibilities:
PART 1
Make your hosting domains compatible along these lines, so that cookies or tokens (what ever you are using) can potentially be shared between the apps:
- https://web.mycompany.com/app1
- https://web.mycompany.com/app2
PART 2
Define an interface within the inner (iframe) app for dealing with logins. When the inner app detects that it is running in an iframe it needs to use an implementation that asks the main (host) app to perform things like login redirects on its behalf.
You may then need to issue a cookie across the 2 apps (with a site wide scope) or use the postMessage API to send tokens back to the iframe app (and there are potential security risks with this).
Answer from Gary Archer on Stack OverflowHi @Sriman Ilancheran ,
This seems to be a known issue with x-frame-options. To prevent clickjacking, login pages are prevented from being displayed inside frames.
A few things to try:
Please check if login.microsoftonline.com cookies are blocked. Recent Chrome releases on all platforms and Safari on macOS block or remove cookies.
Ensure that you have allowed "third party cookies" in the browsers.
Related threads which you may have seen:
https://stackoverflow.com/questions/40795633/x-frame-option-deny-error-when-aad-sign-in-in-office-add-in
https://blog.atwork.at/medium.aspx?id=c14c3ae3-3aba-429d-a748-b74283dbd463&date=/post/2020/09/13
https://learn.microsoft.com/en-us/answers/questions/387682/loginmicrosoftonline-refused-to-connect-from-ifram.html
Another resolution is to use popups/add-in communication via web sockets in your app to handle the login request: https://learn.microsoft.com/en-us/archive/blogs/richard_dizeregas_blog/connecting-to-office-365-from-an-office-add-in#mastering-the-popup
Let me know if this helps.
-
If the information helped you, please Mark the answer. This will help us and other members of the community as well.
1234567890
Hi,
I have a strange problem with one user.
Since yesterday evening, his outlook was "offline". It only tries to connect to O365, but the connection could not be established.
So I tried online-mode, which doesnt worked either. I also tried a new profile, but i don't get to the mask to put the password in. The modern Auth window opens, but is giving me the error
404 - login.microsoftonline.com
It works with OWA, SaRa also prompted for a password.
What can I do, to get it running again?
Try these, it should work for different browsers.
https://blog.atwork.at/medium.aspx?id=c14c3ae3-3aba-429d-a748-b74283dbd463&date=/post/2020/09/13/
Note : You can use Firefox to get it worked rather edge.
Happy SharePointing!! :)
I would look in the developer tools when the iframe is loading and see why it is blocked. I suspect the site either has an x-frame-option or content-security-policy which is preventing the site being loaded in an iframe.
Hi Diljith,
Greetings.
It sounds like your situation is related to Azure AD, I kindly suggest you post a new thread on our specific support channel for expert help: azure-active-directory - Microsoft Q&A
Sorry for that our category may have limited resources on checking the issues and questions on this.
Thanks for your understanding and have a nice day!
Best Regards,
Linda
Sure. Thank you Linda.