App refused to connect when opening another app in iFrame with AD SSO
Hi, I have a requirement in my application where I need to open another app using an iFrame. I’ve done the configuration, and when trying to open it, I’m getting an error saying “App refused to connect” even though both apps use AD SSO. If I open the second app in a new tab (without the iFrame), it works fine and doesn’t ask for the login page. I checked the network tab, and it seems that while authorizing the second app, it’s failing due to some security restrictions. However, it’s a client requirement to open the app within an iFrame.

What I’ve tried:

- Verified that both applications are configured under the same Azure AD tenant.
- Confirmed that SSO works correctly when opening the second app directly in a new tab.
- Checked browser console and network logs — it seems to fail during authorization, possibly due to X-Frame-Options or Content Security Policy (CSP) restrictions.

Is there any way to allow the second app to load inside an iFrame without breaking SSO authentication? Or is this a known security limitation with AD SSO and iFrames?
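A diagnostic sketch for the X-Frame-Options / CSP hypothesis in the question, added here and not part of the original post: it takes the response headers copied from the network tab for each document in the redirect chain and reports which header decides whether a given parent origin may frame it. The function names, origins and sample headers are constructed for illustration.

```javascript
// Added example. Simplified matching: only the direct parent is checked
// (browsers check every ancestor) and ports are compared only when the
// source expression names one.
const portOf = u => u.port || (u.protocol === "https:" ? "443" : "80");

function sourceMatches(src, parent, self) {
  if (src === "'none'") return false;
  if (src === "*") return true;
  if (src === "'self'") return parent.origin === self.origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return parent.protocol === src.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?/i.exec(src);
  if (!m) return false;
  const [, scheme, wild, host, port] = m;
  if (scheme && scheme.toLowerCase() + ":" !== parent.protocol) return false;
  if (port && port !== "*" && port !== portOf(parent)) return false;
  const h = host.toLowerCase();
  return wild ? parent.hostname.endsWith("." + h) : parent.hostname === h;
}

function framingDecision(headers, parentOrigin, selfOrigin) {
  const parent = new URL(parentOrigin), self = new URL(selfOrigin);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  // A comma separates multiple policies; every policy that has a
  // frame-ancestors directive must allow the parent.
  const directives = (h["content-security-policy"] || "").split(",")
    .map(p => p.split(";").map(d => d.trim().split(/\s+/))
      .find(d => d[0].toLowerCase() === "frame-ancestors"))
    .filter(Boolean);
  if (directives.length) {
    const ok = directives.every(d => d.slice(1).some(s => sourceMatches(s, parent, self)));
    return { allowed: ok, decidedBy: "CSP frame-ancestors" };
  }
  // X-Frame-Options is consulted only when no frame-ancestors directive exists.
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, decidedBy: "X-Frame-Options" };
  if (xfo === "SAMEORIGIN")
    return { allowed: parent.origin === self.origin, decidedBy: "X-Frame-Options" };
  return { allowed: true, decidedBy: "none" }; // ALLOW-FROM is obsolete and ignored
}

// Constructed sample headers (not captured from any real service).
const signInResponse = { "X-Frame-Options": "DENY" };
const secondApp = { "Content-Security-Policy":
  "default-src 'self'; frame-ancestors 'self' https://portal.example.com" };
console.log(framingDecision(signInResponse, "https://portal.example.com", "https://login.example.net"));
console.log(framingDecision(secondApp, "https://portal.example.com", "https://app2.example.com"));
```

Run it against every response in the chain: the embedded app and any sign-in page it redirects to are separate documents, and each one must permit the parent origin for the frame to render.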