medmomedmo 

Iframe Windows authentication Internet Explorer logging user out when returning to Salesforce

Having some real problems getting a Visualforce page to work with Internet Explorer 11.
I have the following Visualforce Page:
<apex:page controller="MyController">
    <iframe frameborder="0" height="800px" id="itarget" name="itarget" scrolling="auto" src="https://mysite.com" title="Content" width="100%"></iframe>
</apex:page>
If I don't add *.mydomain.com to the Trusted Sites, opening the Visualforce page shows this: 
User-added image
And takes my domain\username credentials.
If I do add my domain to the Trusted Sites, and select the IE Security option for Logon to: Automatic logon with current user name and password then my current credentials work, and the iframe content loads as intended.
In either case, after taking my Windows credentials, I am able to use the functionality inside the iframe correctly. But as soon as I navigate to any other Salesforce page, it kicks me out to the login page:
User-added image

If I log back in without closing my browser and go back to that Visualforce page, everything works, and I can navigate to other Salesforce pages just fine. But if the browser is re-opened or if I try it in a new tab, I always get kicked out of my Salesforce session.
In the IE console, running:
document.cookie
Shows that after navigating to that Visualforce page, my entire cookie is being destroyed, except for BrowserId. After logging back in and navigating to that Visualforce page a second time, I retain my cookie. Chrome does not have this issue, and does not destroy my cookie after Windows Authentication.
I've tried almost every setting in IE, but I can't get the browser to allow this iframe without ending my session.
It's likely not an HTTP/HTTPS issue: the src= can be changed to an external http or https site and the iframe works. It's only with Windows Authentication that it breaks.
It's likely not an issue with P3P headers: in the above situation, IE still renders the iframe and doesn't end the session even with P3P errors in IE View-->Security Report. Using Fiddler, I can see there are some MALFORMED P3P errors on my Salesforce login screen, but that happens without touching my Visualforce page.
I added mysite.com as a Remote Site, and Disabled Protocol Security.
I say 'likely' because I'm not particularly experienced with the browser security settings and how they interact with Salesforce. Any help would be greatly appreciated.
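
An added example, not part of the original post: a small helper for the `document.cookie` check described above, which compares a snapshot taken before opening the Visualforce page with one taken after and lists the cookie names that disappeared. The function names and every cookie in the sample except `BrowserId` are constructed for illustration; it is written in ES5 so it can be pasted into the IE 11 console.

```javascript
// Parse a document.cookie string ("a=1; b=2") into a name -> value map.
function parseCookieString(str) {
  var jar = {};
  (str || "").split(";").forEach(function (pair) {
    var trimmed = pair.replace(/^\s+|\s+$/g, "");
    if (!trimmed) { return; }
    var eq = trimmed.indexOf("=");
    // A pair without "=" is a nameless cookie whose value is the whole text.
    var name = eq === -1 ? "" : trimmed.slice(0, eq);
    jar[name] = eq === -1 ? trimmed : trimmed.slice(eq + 1);
  });
  return jar;
}

// Compare two snapshots and report which cookie names were lost, kept
// unchanged, changed in value, or newly added.
// Note: HttpOnly cookies never appear in document.cookie, so they cannot
// be tracked this way; use the F12 Network tab or a proxy for those.
function diffCookies(beforeStr, afterStr) {
  var before = parseCookieString(beforeStr);
  var after = parseCookieString(afterStr);
  var result = { lost: [], kept: [], changed: [], added: [] };
  Object.keys(before).sort().forEach(function (name) {
    if (!Object.prototype.hasOwnProperty.call(after, name)) {
      result.lost.push(name);
    } else if (after[name] === before[name]) {
      result.kept.push(name);
    } else {
      result.changed.push(name);
    }
  });
  Object.keys(after).sort().forEach(function (name) {
    if (!Object.prototype.hasOwnProperty.call(before, name)) {
      result.added.push(name);
    }
  });
  return result;
}

// Constructed sample snapshots (values are placeholders, not real cookies).
var SAMPLE_BEFORE = "BrowserId=constructed-1; exampleSession=constructed-2; examplePref=constructed-3";
var SAMPLE_AFTER = "BrowserId=constructed-1";
```

In the browser, store `document.cookie` in a variable on a working Salesforce page, open the Visualforce page, then call `diffCookies(saved, document.cookie)`.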