We have a CTI application that is loaded inside a frame in ServiceNow CRM. The application uses cloudlink OpenID Connect Flow for SSO. During this process of authentication, we get an error that says “Refused to display logon.mitel.com inside a frame because it set X-Frame-Options to deny.” How can we achieve SSO authentication while our application is loaded in a frame?
Hi Sanjeev! At what point in the flow do you encounter this error? The URL referenced is confusing, as it’s for something other than the OICD workflow. https://auth.mitel.io/authorize should be what you’re using.
We have used https://auth.mitel.io/authorize only . It must be internally redirecting to logon.mitel.com where X-Frame-Options is set to deny.
We had raised request with IT to remove the x-frame-options header on logon.mitel.com site. However due to security risks, they do not seem to be favor of removing it.
Do you see in such cases wherein the App would be loaded in an frame of a browser window, is there any other way to achieve SSO?
We currently used the Open ID Connect (OICD) Workflow - Auth Portal and achieved SSO using Mitel Auth Portal.
Hi Sanjeev - Last week this issue was raised with the team responsible for authentication, and they saw the video that you sent in. They’re still looking into this, but I believe they wanted you to test the login without using Azure AD and see if the behaviour changed.