Verify Session Status for Application in IFrame

Setup
, , , ,
#1

Posted by Edward Bolles

1. Verify Session Status for Application in IFrame

Can you please tell me what is the best way to authenticate applications in an iframe? Given a web application hosts a second application inside an iframe, any requests to the application in the ifram must verify the session of the parent web application is still valid. When the user logs out of the web application, I need authentication in the iframe to fail.

edward bolles

#2

Hi Edward,

Apologies for the late response. Are you still facing issues with how to very the Session Status for the application?

You may have already seen the documentation. I wanted to send it along just in case. You can verify the session status using the OIDC checkSession endpoint or doing a “silent renew” pattern, such as loading the authorization endpoint in an iframe with prompt=none to check if the user is still logged in.

If you are still facing issues with session status, may I suggest raising a Support ticket for further assessment and assistance with your use case.

For assistance with raising a support ticket, please see the following support article:

Getting Support on the ForgeRock Identity Platform and Cloud

Thank you,
Sheila

Note: To expedite time to resolution when raising a ticket, you’ll want to capture the following debug information while reproducing the issue and attach the files to the Support ticket:

  • Before reproducing the issue: (Clear out AM debug logs and enable Message level debugging mode).
  • Reproduce the issue in Message level debug mode and simultaneously capturing a HAR file.

Attach the following files when raising the Support ticket:

  • Export of AM configuration
  • AM verbose debug logs:
  • HAR file

Please see the following KB articles for instructions on capturing the data:

Please note: AM 7 and later uses Logback for configuring debug logging. See Debug Logging for further information.

Additional Resources

#3

Hi Edward,

Apologies for the late response. Are you still facing issues with how to very the Session Status for the application?

You may have already seen the documentation. I wanted to send it along just in case. You can verify the session status using the OIDC checkSession endpoint or doing a “silent renew” pattern, such as loading the authorization endpoint in an iframe with prompt=none to check if the user is still logged in.

If you are still facing issues with session status, may I suggest raising a Support ticket for further assessment and assistance with your use case.

For assistance with raising a support ticket, please see the following support article:

Getting Support on the ForgeRock Identity Platform and Cloud

Thank you,
Sheila

Note: To expedite time to resolution when raising a ticket, you’ll want to capture the following debug information while reproducing the issue and attach the files to the Support ticket:

  • Before reproducing the issue: (Clear out AM debug logs and enable Message level debugging mode).
  • Reproduce the issue in Message level debug mode and simultaneously capturing a HAR file.

Attach the following files when raising the Support ticket:

  • Export of AM configuration
  • AM verbose debug logs:
  • HAR file

Please see the following KB articles for instructions on capturing the data:

Please note: AM 7 and later uses Logback for configuring debug logging. See Debug Logging for further information.

https://backstage.forgerock.com/knowledge/kb/article/a53282600

Additional Resources