Apr 2021

Hi All,
I followed Stefan’s post on OpenID/OAuth2 carefully.


The post states that:
"By implementing (and extending) an OpenID/OAuth2 server in EGroupware, it is possible to integrate (external/foreign/third-party) web applications into EGroupware.
On the one hand, this is possible as a simple (so-called managed) application that is only displayed in a tab within EGroupware. On the other hand, this web application can also be integrated with an authentication against OpenID/OAuth2. Thus, one accesses the application, the user is authenticated in the background and one is logged into the application. So we have a single sign-on at that point." (the German to English translation is a DeepL responsibility. :blush:)

I am very interested in using a “managed application”. In this case the application should only be displayed in a tab within EGroupware.

However, as stated: "A basic prerequisite is that a web application also wants to be integrated. Web applications may include a “flag” indicating that they do not want to be embedded or only want to be embedded under certain circumstances: The X-Frame-Options".
A page without such an entry will work. BUT… what happens if the page has that entry?
Can you give me some help?
I think that using managed sites can really help in an organization, allowing users to always have a single interface that “orchestrates” the tools in use.
Gabriele

2 months later

Hi,
I’m still here and I am going crazy with the X-Frame-Options sameorigin and similar issues. I have two problems in detail. The first is, as I wrote in the previous post, that some applications I would like to use as managed show up with the X-Frame-Options sameorigin.


So I tried to use a Chrome plugin that deactivates this control (very dangerous) and indeed, in this case, the application seems to be correctly managed by EGroupware, but not entirely (I think).
Indeed, the application appears but it is impossible to be logged into the application because it always gives this error

Sorry to ask, maybe the problem is trivial, and I have figured out that it may be related to Chrome’s attempt to autofill the login form. So I don’t know if it depends on egw.
Thanks
Gabriele

The problem can NOT be fixed in EGroupware!

The meaning of that header is “I do NOT want to be displayed in an iframe from a different origin”.
The browser simply follows what your application tells it.

So to fix it, you have to find the setting in your application, to either:

  • switch it off or
  • specify the EGroupware origin or
  • otherwise get rid of that header (e.g. with a proxy)

Ralf
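
An added example, not part of the thread and not EGroupware code: the browser-side decision Ralf describes, written as a Python check you can run against an application's response headers before trying to embed it. The function names, the example.org hosts and the sample headers are constructed; "specify the EGroupware origin" is assumed here to mean a CSP `frame-ancestors` entry, and wildcard host sources such as `*.example.org` are not handled.

```python
from urllib.parse import urlsplit

def _origin(url):
    """(scheme, host, port) of a URL, with the default port filled in."""
    p = urlsplit(url)
    return (p.scheme, (p.hostname or "").lower(),
            p.port or {"http": 80, "https": 443}.get(p.scheme))

def framing_allowed(headers, app_url, embedder_url):
    """Would a browser render app_url in an iframe on embedder_url?

    headers: response headers sent by the framed application.
    Only the direct embedder is checked. Returns (allowed, reason).
    """
    h = {k.lower(): v for k, v in headers.items()}
    app, emb = _origin(app_url), _origin(embedder_url)

    # A CSP frame-ancestors directive takes precedence over X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if not parts or parts[0].lower() != "frame-ancestors":
            continue
        for src in (s.lower() for s in parts[1:]):
            if src == "*" or (src == "'self'" and app == emb):
                return True, "frame-ancestors " + src
            if src.startswith("'"):        # 'none', or 'self' that did not match
                continue
            if src.endswith(":"):          # scheme source such as https:
                if src[:-1] == emb[0]:
                    return True, "frame-ancestors " + src
                continue
            # Host source; without a scheme it inherits the application's.
            cand = src if "://" in src else app[0] + "://" + src
            if _origin(cand) == emb:
                return True, "frame-ancestors " + src
        return False, "frame-ancestors does not list the embedder"

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False, "X-Frame-Options: DENY"
    if xfo == "SAMEORIGIN":
        return app == emb, "X-Frame-Options: SAMEORIGIN"
    if xfo:  # ALLOW-FROM is obsolete; current browsers ignore the header
        return True, "X-Frame-Options value not enforced by current browsers"
    return True, "no framing restriction sent"
```

Removing the header at a proxy produces the last case, where any origin may frame the application; listing only the EGroupware origin in `frame-ancestors` keeps the restriction in place for every other site.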

Hi Ralf
Thanks for your valuable advice.
I’ll try immediately.
Gabriele