Cross Origin Iframe

Cross Origin Iframe

  

Hi All,


We have a requirement of calling Outsystems Page through Iframe from a secured third party page.

We do not want a login page before calling that outsystems secured page.What can be the approach and what all security parameters to be kept in mind for this implementation.

We also have to pass few parameters from third party to outsystem in iframe.


Hi Gurpreet,

You can do it by either an implicit login or have your page anonymous. Having the page Anonymous won't ask for login, however security wise you will loose control on who did what. You can pass input parameters to this page.

Is it only page page or you have series of pages and actions?


Shashank... 

Hi Gurpreet,


You need to by pass the login. You can do it by passing username and password in the page as input parameter and login in explicitly

but in this case username and password should be encrypted and again decrypted in outsystems


You also have option to implement SSO by implementing (If that third party application supports)


OAuth2.0

SAML


But in these case it would take more efforts


and also if your domains of both the application is different then inorder to call you outsystems application in Iframe you need to add Content Security Policy in outsystems application so that your outsystems app can be rendered in all browsers without any issues

Regards

Devendra