Service Web Panel - Viewing external site page using SSO


I have a customer that I've recently migrated from SO 7.5 SR2 to SO 9.2R09 onsite.

The former solution was using HTTP, but now we're using HTTPS for the SO site.

We have been using AD-connected user accounts in SO both in the old environment as well as in the new one.

In service we have had a web panel pointing to an external system page where we add the currently viewed ticket id as an argument in the url.

This external system is built in Lotus Notes and uses SSO for identifying the user.

After the migration nothing was viewed in this panel, which we first thought was related to the usage of http in the url, that is now changed to https, which was expected to solve the problem.

Still, the external page doesn't seem to behave as it should, which would be to identify the user via the browsers exposed AD-information.

Is there any special settings that we should look over. Could it be related to some kind of cross site blocking behaviour or something else?

I have checked the start page that the url points to and have noticed that there are redirect-functionality in the page for routing to a login-page if not authenticated, etc. So there might be some kind of behaviour there that might behave a bit different when using https instead of http. 

I have access to the developers of the external system, so more advanced tests and minor changes could probably be executed if needed. 

Any suggestions to where to start digging or what could be the reason for the page not to being viewed as expected?

RE: Service Web Panel - Viewing external site page using SSO

Do you see any errors in the console or network tab of the browser when loading the webpanel?

By: David Hollegien 17 Sep 2021

RE: Service Web Panel - Viewing external site page using SSO

Hi David,

I can't see any obvious errors at least. But I assume that the reason is a combination of running HTTPS, using SSO in both the SO-site and the iframed site together with browser security features in Chrome/Edge (Chrome based).

Some googling gave some indicators to that at least. One question is if it's possible to white list some part in some way or something? Either on the SO-site or in the iframed site.


By: Marcus Svenningsson 22 Sep 2021