SP Initiated SSO with Azure AD and Relay State iFrame Workaround

Johnsen, Thomas 6

We have successfully set up our Azure AD to interact with a SP initiated SSO that sends a Saml Token to the vendor for authentication allowing us to view their app. However, we need to be able to iFrame this vendor web app and I cannot find any clear cut documentation on how to implement a solution.

The main issue is that the login page for Microsoft cannot be placed in an iFrame. I see suggestions on opening that response in a popup, then redirecting back to the frame, but no clear examples or docs regarding how to manage each response or do this from client or server code.

When the url is input into a browser, it simply works, so there is no code in place that does anything special at the moment. So my question is:

What is the documented, microsoft recommended way, with a basic example, of how to workaround the login page not being allowed in an iframe when utilizing Azure AD for an SP initiated SSO w/Saml ?

JamesTran-MSFT 36,456 Reputation points Microsoft Employee

2021-03-17T23:25:39.117+00:00

@Johnsen, Thomas
Thank you for your post and I apologize for the delayed response!

Our single page app documentation, has Sign-in with a pop-up window or Sign-in with redirect articles that might help with your issue. However, I wasn't able to find any SAML related documentation for pop-up windows, or how to bypass the iFrame restriction. Lastly, within B2C I was able to find a doc which talks to iFrame and the Embedded sign-in experience.

I hope this helps! If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
JamesTran-MSFT 36,456 Reputation points Microsoft Employee

2021-03-19T20:48:40.743+00:00

@Johnsen, Thomas
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?