Hi Community,

I’m facing an issue with SSO integration when embedding a Angular application into an OutSystems app.

Setup:

    •    All OutSystems apps in the infrastructure use SSO login (SAML / OIDC).

    •    We also have a Angular application that uses the same user information and SSO login.

    •    One of the Angular pages is being displayed inside an iframe within an OutSystems app.

Problem:

    •    When I log in to my OutSystems application (SSO works fine), the Angular page inside the iframe still shows the login page.

    •    If I click the Login button inside the iframe, it immediately loads the Angular page without asking for credentials again.

    •    So essentially, the user needs to do an extra click to trigger the Angular app login.

Observation:

    •    This seems to happen because cookies/tokens are not flowing properly inside the iframe due to SameSite cookie restrictions.

    •    After the click, the IdP detects the existing SSO session and redirects back without credential prompt.

Questions:

    1.    How can I configure OutSystems to ensure its cookies work correctly inside an iframe (SameSite=None; Secure)?

    2.    Do I need to configure anything on the Angular/IdP side (e.g., silent login, token refresh)?

    3.    Has anyone implemented this setup successfully without requiring the extra login click?

Thanks,

Sai.